© 2014 Cisco and/or its affiliates. All rights reserved.
Advanced Threat Defense
Security Sales Manager – Indochina
+668 6900 7667
Sutee Assawasoontarangkoon
26 April 2014 @Sheraton Hua Hin
MOBILITY | CLOUD | THREAT
Nexus of Forces, driving the need for an architectural approach to security
Connectivity: Digital Access
Immersive Experience: Digital Interactions
Networked Economy: Digital Biz Processes
Internet of Everything: Digitize the World
Evolution of the Internet: The Industrialization of Hacking & the Threat Landscape
Timeline: 1990, 1995, 2000, 2005, 2010, 2015, 2020
Viruses: 1990–2000
Worms: 2000–2005
Spyware and Rootkits: 2005–Today
APTs, Cyberware: Today+
Hacking Becomes an Industry: Sophisticated Attacks, Complex Landscape
Phishing, Low Sophistication; Anti-Virus, Worms
Cisco Annual Security Report 2014
• Security is now a boardroom discussion.
• Breaches mean lost IP, compromised customer information, lack of confidence and valuation impact.
• In addition, a major consideration is the change in what defines a network, which goes beyond traditional walls and includes data centers, endpoints, virtual and mobile; this is the extended network.
In the Cisco Annual Security Report 2014, the three key trends highlighted are:
• Increased sophistication and proliferation of the threat landscape.
• Increased complexity of threats and solutions: rapid growth in intelligent mobile device adoption and cloud computing provides a greater attack surface than ever before.
• Cybercriminals have learned that harnessing the power of Internet infrastructure yields far more benefits than simply gaining access to individual computers or devices.
99% of all mobile malware in 2013 targeted Android devices.
64% of malware are Trojans, followed by adware at 20%.
A shortage of more than a million security professionals across the globe in 2014.
100% of the world’s largest multinational company networks generated visitor traffic to Web sites that host malware.
From: www.manager.co.th
Heartbleed – Cisco Response
130,000 servers
4,000 servers
2.7% (From: ThaiCert)
Market Transition – Balancing Priorities (CEO :: CIO :: CISO)
Enable Business (CEO): Growth & Innovations; Productivity; New Business Models / M&A; Globalization; Compliance
New Technology (CIO): Mobile; Cloud; Apps; Data & Analytics; Internet of Things
Secure Enterprise (CISO): Policy Enforcement (Wired, Wireless, VPN, Cloud); Threat Mitigation (Physical, Virtual, Cloud); Data Protection (On-Prem, In the Cloud); IR / DR / Forensics
The Silver Bullet Does Not Exist… Combatting Advanced Threats over the last 15 years
Technologies: App Control, FW/VPN, IDS / IPS, UTM, NAC, AV, PKI, Sandboxing
Promises heard along the way: “Captive Portal”, “It matches the pattern”, “No false positives, no false negatives.”, “Block or Allow”, “Fix the Firewall”, “No key, no access”, “Virtual Execution”
The Threat Centric Security Model: Looking beyond a single silver bullet
Attack Continuum
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
Coverage: Network, Endpoint, Mobile, Virtual, Cloud
Point in Time → Continuous
Integrated Threat Defense
• Visibility & context driven
• Continuous analysis & remediation
• Covers a broad set of attack vectors
• Integrated & coordinated response
• Leverages existing infrastructure
• Scales with increasing workloads
Visibility needs both Breadth & Depth
Breadth: Network, Endpoint, Mobile, Virtual, Cloud
Depth: Who, What, Where, When, How
Coverage: NAC | NGFW | NGIPS | Anti-Malware | Web | Email | Threat Defense
Visibility: Cisco Sees More Than the Competition
Network Servers
Operating Systems
Routers and Switches
Mobile Devices
Printers
VoIP Phones
Virtual Machines
Client Applications
Files
Users
Web Applications
Application Protocols
Services
Malware
Command and Control Servers
Vulnerabilities
NetFlow
Network Behavior
Processes
Continuous Analysis & Remediation: Beyond the Event Horizon
Old School – Point in Time (Antivirus, Sandboxing):
• Initial disposition = Clean
• Analysis stops; not 100% (evaded by sleep techniques, unknown protocols, encryption, polymorphism)
• Actual disposition = Bad = Too late!!
• Blind to scope of compromise
Next Gen – Continuous (Cisco AMP):
• Initial disposition = Clean
• Analysis continues; retrospective detection
• Actual disposition = Bad = Blocked
• Turns back time
Visibility & control are key
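The retrospective-detection idea above (a file judged clean at first sight, later reclassified, and the earlier sightings revisited) is easier to see in code. The following is an added illustration written for this page, not Cisco or AMP code: it keeps the trajectory of every file hash seen on every host, so that when a verdict later flips to malicious, every earlier "allow" decision can be turned into an alert and the scope of compromise listed at once. Hostnames, hashes, paths and timestamps are constructed sample values.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample identifiers (not real hashes).
DROPPER = "sha256:constructed-dropper-0001"
UPDATER = "sha256:constructed-updater-0002"


@dataclass(frozen=True)
class Observation:
    """One file sighting reported by an endpoint connector: when, where, which file."""
    ts: int       # seconds since epoch (constructed)
    host: str
    sha256: str
    path: str


@dataclass
class RetrospectiveTracker:
    """Point-in-time verdict on every sighting, plus the trajectory needed to revisit it."""
    dispositions: dict = field(default_factory=dict)                  # hash -> verdict
    history: dict = field(default_factory=lambda: defaultdict(list))  # hash -> [(obs, decision)]

    def observe(self, obs: Observation) -> str:
        """Decide now with what is known now, but always record the sighting."""
        verdict = self.dispositions.get(obs.sha256, "unknown")
        decision = "block" if verdict == "malicious" else "allow"
        self.history[obs.sha256].append((obs, decision))
        return decision

    def update_disposition(self, sha256: str, verdict: str) -> list:
        """Apply a changed verdict backwards: one alert per earlier allowed sighting."""
        previous = self.dispositions.get(sha256, "unknown")
        self.dispositions[sha256] = verdict
        if verdict != "malicious" or previous == "malicious":
            return []
        return [
            {"host": o.host, "path": o.path, "seen_at": o.ts, "sha256": sha256}
            for o, decision in sorted(self.history[sha256], key=lambda e: e[0].ts)
            if decision == "allow"
        ]

    def scope(self, sha256: str) -> list:
        """Hosts that actually received the file (allowed sightings), ordered by first sight."""
        first_seen = {}
        for o, decision in sorted(self.history[sha256], key=lambda e: e[0].ts):
            if decision == "allow":
                first_seen.setdefault(o.host, o.ts)
        return sorted(first_seen, key=first_seen.get)


# Constructed sighting stream: two hosts receive the dropper while it still looks clean.
SAMPLE_SIGHTINGS = [
    Observation(1000, "ws-07", DROPPER, r"C:\Users\a\Downloads\invoice.pdf.exe"),
    Observation(1100, "ws-01", DROPPER, r"C:\Users\b\AppData\Local\Temp\invoice.pdf.exe"),
    Observation(1200, "ws-03", UPDATER, r"C:\Program Files\Vendor\update.exe"),
]
LATE_SIGHTING = Observation(5000, "ws-12", DROPPER, r"C:\Users\c\Downloads\invoice.pdf.exe")


def run_sample():
    """Initial disposition clean -> verdict flips -> retrospective alerts and scope."""
    tracker = RetrospectiveTracker()
    tracker.update_disposition(DROPPER, "clean")               # initial disposition = clean
    decisions = [tracker.observe(o) for o in SAMPLE_SIGHTINGS]  # point-in-time: all allowed
    alerts = tracker.update_disposition(DROPPER, "malicious")   # actual disposition = bad
    late = tracker.observe(LATE_SIGHTING)                       # now blocked at first sight
    return decisions, alerts, late, tracker.scope(DROPPER)


if __name__ == "__main__":
    decisions, alerts, late, hosts = run_sample()
    print("point-in-time decisions:", decisions)
    for a in alerts:
        print("RETROSPECTIVE ALERT", a)
    print("later sighting:", late, "| scope of compromise:", hosts)
```

The point of the design is the `history` table: a point-in-time scanner that discards sightings after deciding has nothing to revisit when the verdict changes, which is exactly the "blind to scope of compromise" case. Keeping the trajectory is what makes the two earlier hosts visible the moment the disposition flips.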
The Power of Continuous Analysis
Point-in-time security sees a lighter, bullet, cufflink, pen & cigarette case…
Wouldn’t it be nice to know if you’re dealing with something more deadly?
Advanced Malware Protection (AMP) Everywhere
PC: since January 2012
Mobile: June 2012
Virtual: August 2012
NGIPS / NGFW on FirePOWER: October 2012
Dedicated Appliance: February 2013
Cisco Web & Email Security Appliances: now available
SaaS (Cisco Cloud Web Security & Hosted Email): now available
Cisco Threat Centric – Complete Security Portfolio (Gartner Magic Quadrant Leader in all Security Products)
Attack Continuum
BEFORE (Control, Enforce, Harden): Firewall, VPN, UTM, NGFW, NAC + Identity Services
DURING (Detect, Block, Defend): NGIPS, Web Security, Email Security
AFTER (Scope, Contain, Remediate): Advanced Malware Protection, Network Behavior Analysis
Comprehensive Security Portfolio
IPS & NGIPS
• Cisco IPS 4300 Series
• Cisco ASA 5500-X Series integrated IPS
• FirePOWER NGIPS
• FirePOWER NGIPS w/ Application Control
• FirePOWER Virtual NGIPS
Web Security
• Cisco Web Security Appliance (WSA)
• Cisco Virtual Web Security Appliance (vWSA)
• Cisco Cloud Web Security
Firewall & NGFW
• Cisco ASA 5500-X Series
• Cisco ASA 5500-X w/ NGFW license
• Cisco ASA 5585-X w/ NGFW blade
• FirePOWER NGFW
Advanced Malware Protection
• FireAMP
• FireAMP Mobile
• FireAMP Virtual
• AMP for FirePOWER license
• Dedicated AMP FirePOWER appliance
NAC + Identity Services
• Cisco Identity Services Engine (ISE)
• Cisco Access Control Server (ACS)
Email Security
• Cisco Email Security Appliance (ESA)
• Cisco Virtual Email Security Appliance (vESA)
• Cisco Cloud Email Security
Legend: Cisco / Sourcefire
UTM
• Meraki MX
VPN
• Cisco AnyConnect VPN
40,000 routers on Cisco’s network
20 billion NetFlows /day
27TB of traffic inspected / day
3 billion DNS records / day
750GB of system logs collected / day
2 billion events / day collected in Splunk
6 million transactions / day handled by WSAs
Malware for 1.2% of all transactions automatically blocked by WSAs
Over 100 Application Service Providers
More than 200 Business Support and Development Partners
1500 Labs globally
More than 25,000 Channel Partners
12 Critical Enterprise Production DCs
68,000 FTEs
56,000 vendors
120,000 Windows hosts
124,000 employees worldwide
OpenAppID – First Open Source Security AppID (Open Source Application Detection & Control)
• Open App ID Language Documentation
o Accelerate identification & protection for cloud-delivered apps
• Special Snort engine with OpenAppID Preprocessor
o Detect apps on network
o Report Usage Stats, Append ‘App Name’ to IPS events
o Block apps by policy
o Snort rule language extensions to enable app specification
• Library of Open App ID Detectors
o Over 1000 new detectors to use with Snort preprocessor
o Extendable sample detectors
Available now at Snort.org
Cisco Partners Ecosystem and Integration: Combined API Framework
BEFORE: Policy and Control
DURING: Identification and Block
AFTER: Analysis and Remediation
Infrastructure & Mobility
Partner categories: NAC, Vulnerability Management, Custom Detection, Full Packet Capture, Incident Response, SIEM, Visualization, Network Access, Taps
Cisco’s Strategic Focus & Customer Value: Intelligent Cybersecurity for the Real World
Visibility-Driven: Network Integrated, Broad Sensor Base, Context and Automation
Threat-Focused: Continuous Advanced Threat Protection, Cloud-Based Security Intelligence
Platform-Based: Agile and Open Platforms, Built for Scale, Consistent Control, Management
Across: Network, Endpoint, Mobile, Virtual, Cloud
“If the attackers know more than you do about your network, the battle is lost.”
Martin Roesch, Founder & CTO, Sourcefire; VP, Chief Architect, Cisco Security Group
Thank You
Security Sales Manager – Indochina
+668 6900 7667
Sutee Assawasoontarangkoon