tomorrow starts here - security everywhere


Upload: cisco-canada

Post on 20-Jul-2015


TRANSCRIPT

1 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Tomorrow Starts Here Security Everywhere

Mandar Rege, Security Principal Cisco Security Solutions

Tomorrow Starts Here

Mandar Rege, Principal

Cisco Security Solutions

Security Everywhere


Agenda

HOW?


Security video


Are Canadian Businesses Prepared for Future Security Threats?

60% of Canadian businesses don’t have Security strategies in place—or are unsure how to prepare their networks for evolving mobile and cloud-based models

Source: Cisco and IDC Canada Survey, Dec. 2014


Are Canadian Businesses Prepared for Future Security Threats?

Less than 60% of Canadian businesses have IT solutions in place to protect company data on employee-owned devices.

Source: Cisco and IDC Canada Survey, Dec. 2014

31% of Canada’s largest companies are unsure if their IT security strategy accounts for evolving data center and IT consumption models.


Market Trends

Massive Increase in Connected Devices

Process + Things + People + Data

Rise of Cloud Computing

Changing Business Models, Architectures & Service Delivery

The World Has Gone Mobile

Mobile Traffic Growth 2013-2019: 10X

Ubiquitous Access to Apps

180 billion apps will be downloaded in 2015


IoT Challenges

Which Areas Does Your Organization Need to Improve to Capitalize on IoT?

• Data: Capture, store, and analyze data
• Things: Connect to capture useful data
• Process: Business and operational benefits
• People: Enable workers

Chart values: 20%, 27%, 13%, 40%

1230 Respondents. Source: Cisco Consulting Services Global IoT Study, 2014


Evolution of the Internet

Vertical axis: Business and Societal Impact. Horizontal axis: Intelligent Connections.

• Connectivity (Digitize Access to Information): Email, Web Browser, Search
• Networked Economy (Digitize Business Process): E-commerce, Digital Supply Chain, Collaboration
• Immersive Experiences (Digitize Interactions, Business and Social): Social, Mobility, Cloud, Video
• Internet of Everything (Digitize the World): Connecting People, Process, Data, Things


CONNECTED THINGS: 1K, 1M, 1B, 10B, 50B


Internet of Things …and Everything

Every company becomes a technology company… Every company becomes a security company


Cyber Security is a Boardroom Discussion

Security breaches are costly


Security is the #1 issue for your customers

Protect now the value you intend to create tomorrow


The Security Problem

Changing Business Models

Dynamic Threat Landscape

Complexity and Fragmentation


Security Challenges: Increasing Connectivity Drives New Business Models

90% of organizations are not fully aware of all network devices

5-10 times more cloud services are being used than known by IT

92% of top Android apps carry security/privacy/risk

14% of organizations had malware enter the corporate network through social media/web apps

BYOD Social Media Cloud App Stores


60%


Security Challenges Threats Hide in Plain Sight and Attack Swiftly

of data is stolen in

of point-of-sale intrusions aren’t discovered for

27  of breaches remain undiscovered for

increase of companies reporting a $10M loss or more in the last

2015  

51% 54% 85%


Security Challenges: Security Silos Complicate Protection

• Complexity: 45 Security Vendors for Some Customers
• Fragmentation: 480 Security Vendors at RSA
• Talent: 12x Demand for Security Talent


Growth in Security

• Total Security Market: $95B, CAGR 8.4% 2015-2018
• Security Product Market: $32B, CAGR 6.4% 2015-2018
• Security Services Market: $63B, CAGR 9.6% 2015-2018

Source: Gartner


Cisco Security Hypothesis

Advisory Integration Managed Threat-centric Platform-based Visibility-driven

Operational Focus Talent Shortage

+ Security Challenges

+

Requires Improved Outcomes


Cisco Intelligence


Threat Intelligence

Research Response

Collective

Security Intelligence


Cisco Threat Intelligence Unprecedented Breadth & Depth

Headline figures:

• 100TB Daily Security Intelligence
• 1.6M Deployed Security Devices
• 13B Daily Web Requests
• 120,000 Daily Malware Sandbox Reports

Detail:

• 100TB Security Intelligence
• 1.6M Deployed Devices
• 13B Web Requests
• 150,000 Micro-applications
• 1,000 Applications
• 93B Daily Email Messages
• 35% Enterprise Email
• 5,500 IPS Signatures
• 150M Deployed Endpoints
• 3-5 min Updates
• 5B Daily Email Connections
• 4.5B Daily Email Blocks
• 14M Deployed Access Gateway
• 75,000 FireAMP Updates
• 6,000 New Clam AV Sigs
• 120K Sandbox Reports

Cisco Security Intelligence Global Visibility Global Footprint


Market Leadership


Security Product Portfolio

Email Policy & Access

Web

NGFW/NGIPS

Advanced Threat


Security Service Portfolio

Assessments

Architecture & Design

Program Strategy

Managed Security

Product Support

Hosted Security

Optimization

Migration

Integration

Advisory

Managed

Integration


Continued Security Technology Innovation Inorganic Growth

2007, 2009, 2011, 2012, 2013, 2014, 2015

Messaging & Web Security Appliance; XML Firewall; Cloud Security; Advanced Malware Protection (AMP); UTM; Threat-Centric Security (NGIPS & AMP); Security Consulting; Security Analytics; Dynamic Malware Analysis


Neohapsis Acquisition

• Advisory Expertise: Industry leading expertise focused on compliance, cloud, mobile, and application security
• Top Talent: World class security consultants with an average of 15+ years experience
• Advanced Research: Emerging threat research and analysis to support advanced threat protection


HOW?


Gaining Visibility Video


Managed Threat Defense (MTD): Organic Innovation

Analytics
• Near real-time analytics
• Anomaly detection
• Zero day threat focus
• Identification to suppression mean time reduction

Technology
• Integration of the latest security technology
• Extensible platform designed to evolve with market demands
• Improved technology leverage and accountability

Intelligence
• Access to actionable sources of intelligence
• Cisco proprietary telemetry
• Adapted for customer intelligence
• Publicly available intelligence

People
• Operationalization
• Advanced expertise
• Combat security talent shortage
• Force multiply internal resources

CISCO MTD


Security Operations Centers

Americas

Austin Raleigh

EMEAR

Dubai Krakow

APJC

Sydney

Top Talent Targeted Expertise Custom Operations


Managed Threat Defense Architecture

DEDICATED CUSTOMER SEGMENT

Administrative Consoles

PORTAL

TICKETING

COMMON SERVICES

Threat Intelligence

Dedicated Customer Portal

Alerting/Ticketing System

Investigator Portal

Authentication Services

24/7 ACCESS

CUSTOMER

SOC

Secure Connection (HTTPS/SSH/IPSec)

VPN, INTERNET, VPN

FIREWALL

FIREWALL

CMSP

Advanced Malware Protection

Full Packet Capture

Anomaly Detection

Sourcefire IDS

Collective Security Intelligence

Streaming Analytics

ThreatGrid

NetFlow

Full Packet

Machine Exhaust

Cisco

Third Party


DMZ Users

Endpoint Agents

NetFlow Generator

Access Control

Data Center

NetFlow Generator

Access Control

Web Proxy

Email Proxy

Endpoint Agent

NetFlow Generator

Access Control

Talos

MTD: A Comprehensive Threat Solution

Perimeter Firewall

Cisco Cloud Security Internet

Mobile Endpoints Anywhere / Anytime

MTD

ThreatGRID Sourcefire

Full Packet Anomalies

Endpoint Agent

Application Security


MTD’s High Fidelity Approach

• 269,808 Security Events (207,992 Threat intel sourced; 61,816 Telemetry generated)
• Unique events: 113,713
• High fidelity events: 1710
• Post-investigation tickets: 71


Strong Differentiation

Advanced Analytics and Correlation

Continuous and Zero-Day Detection

AMP Everywhere

Reduced Cost and Complexity

Threat-Focused Next-Generation Firewall

ASA with FirePOWER

Integrated Threat Defense

Diverse Threat Intelligence

Real Time Analytics

Managed Threat Defense

Advanced Expertise


Threat Intelligence

Feeds

Enrichment Data

OpenSOC Overview

Full packet capture

Protocol metadata

NetFlow

Machine exhaust (logs)

Unstructured telemetry

Other streaming telemetry

Parse + Format Enrich Alert

Log Mining and Analytics

Big Data Exploration, Predictive Modelling

Network Packet Mining and PCAP Reconstruction

Applications + Analyst Tools


OpenSOC Framework

• Sources: Telemetry Sources (NetFlow, Machine Exhaust, HTTP, Other); PCAP; Passive Tap; Traffic Replicator
• Data Collection: Flume (Agent A, Agent B, Agent N)
• Messaging Broker: Kafka (A Topic, B Topic, N Topic, PCAP Topic, DPI Topic)
• Real-Time Processing: Storm (A Topology, B Topology, N Topology, PCAP Topology, DPI Topology)
• Storage: Hive (Raw Data, ORC); Elasticsearch (Index); HBase (Packet Table)
• Access: Analytic Tools (Tableau, R / Python, Power Pivot); Web Services (Search, PCAP Reconstruction)


NEW - Incident Management Services Execution Across the Entire Threat Kill Chain

Know your threats

Detect threat activity

Engage kill chain

Contain and remove threat

Threat Intelligence, Advisory and Managed Security Services

Managed Threat Defense

Incident Response Services

Advisory Services

Enable growth Reduce costs Mitigate Risk

Managed Services

Enhanced visibility Advanced analytics


Incident Response Services Experts Combine Latest Intelligence and Best Practices

Security Experts

Threat Intelligence

Readiness
• Infrastructure Breach Preparedness
• Security Operations Readiness
• Breach Communications
• DDOS preparedness
• Incident Response Training
• Tabletop Exercises

Response
• Log Source Assessment, Analysis & Data Mining
• Forensic Image Analysis
• Infected System Dynamic Instrumentation
• Malware Reverse Engineering
• Exploit Analysis and Re-Implementation
• Post-breach Remediation

Prepare, assess infrastructure, operations, communications and skill

Identification, isolation, and remediation expedience


CASE STUDIES


NEOHAPSIS Third Party Risk

Challenge
• Multiple vendor assessment programs
• Ineffective prioritization and remediation for vendor risks
• Bandwidth challenges had limited the number of assessments

Solution
• Piloted vendor assessment program including program management and 25 assessments
• Delivered improvements to program processes, assessment, executive metrics, and management oversight

Outcomes
• Continuous improvement in program and assessment efficacy
• Greater management transparency to vendor risks
• Annual assessments and summary analysis across all programs


ADVISORY Custom Threat Intelligence

Challenge
• Desire to identify “unknown unknowns”
• Limited capability for compromise detection
• Lack of expertise and tools for incident management

Solution
• Combination of external and internal instrumentation
• Detailed traffic monitoring and forensic analysis
• Tailored risk impact assessment and targeted operational remediation

Outcomes
• 500+ previously missed indicators of compromise (IOCs) within first 90 days
• 65% savings with targeted security remediation
• Positive BoD feedback on improved compliance posture


INTEGRATION Identity Services Engine

Challenge
• Limited control over user access to the network
• Shortage of internal security experts for design and build
• Inability to effectively operate security policy and controls

Solution
• Audit of devices and security policy configuration
• ISE implementation and knowledge transfer
• 24/7 threat monitoring via Remote Managed Services

Outcomes
• 100% visibility and control for BYOD across the network
• Zero downtime for the deployment of ISE
• 56% cost reduction through managed solution


MANAGED Managed Threat Defense (MTD)

Challenge
• Uneven visibility into multiple threat vectors
• Shortage of operational security expertise
• Limited real-time security analytics capabilities
• Need for better threat intelligence

Solution
• Predictive analysis and behavior-based tools
• 24/7 real-time expert staffed SOCs
• Incident prioritization and event correlation
• Industry leading hybrid intelligence

Outcomes
• 34% savings on information security management through leverage of MTD SOC
• 95% decrease in redundant investigations due to higher fidelity detection
• 70+ high priority threats remediated per day


Only Cisco Delivers

• Adaptable Business Models: Physical, Virtual or Cloud models to fit multiscreen, IoE and other changing business needs
• Advanced Threat Protection: Unmatched Visibility & End to End Security across Cloud, Network and Customer Premise
• Complexity Reduction: Consistent Policies & Control Across Devices, Network, and Data Center