Cisco Confidential © 2015 Cisco and/or its affiliates. All rights reserved.
Security in the cloud and for the cloud
Mikael Grotrian & Peter Henry Andersen, Cloud Security Evangelists
29/03-2017
Session Topics
Product update
- Cisco Meraki MX (Cloud Managed Security Appliance)
- Advanced Malware Protection (Prevention, Detection and Response Security Architecture)
- AMP for Endpoints (Cloud Managed Endpoint Detection and Response)
- Threat Grid (Dynamic Malware Analysis and Threat Intelligence)
- UMBRELLA (Secure Internet Gateway formerly known as OpenDNS and Cloud Web Security)
- Cloudlock (Cloud Access Security Broker - A Cloud Cybersecurity Platform)
Live Demo
- Sample malware into MX – prevention via AMP through Threat Grid.
Meraki MX
• Secure
  - No user traffic passes through cloud
  - Fully HIPAA / PCI compliant (level 1 certified)
  - 3rd party security audits, daily vulnerability testing
  - Automatic firmware and security updates (user-scheduled)
• Scalable
  - Unlimited throughput, no bottlenecks
  - Add devices or sites in minutes
• Reliable
  - Highly available cloud with multiple datacenters
  - Network functions even if connection to cloud is interrupted
  - 99.99% uptime SLA
Reliability and security information at meraki.cisco.com/trust
Management data (1 kb/s)
WAN
The benefit of Cloud to Enterprise
Deploy, Manage & Troubleshoot in 1 GUI
BETA Ready – You can try it now
MX series – Layer 7 NGFW
1. 24/7 – 365 support included.
2. Next Business Day HW Replacement.
3. All WAN/SEC features available*
4. Firmware updates ready on appliance.
5. Security updates auto updated.
6. New features auto updated in Dashboard
7. LIC time for 1, 3, 5, 7 or 10yr & Extend
8. LIC is not locked to HW
9. ENT to ADV and ADV to ENT up/downgrade possible
MX License – Enterprise or Advanced
AMP is everywhere!!!
Continuous Analysis and Retrospective Security
AMP for Endpoints Continuously Monitors, Records, and Analyzes All File Activity, Regardless of Disposition, to catch threats
Recording
Identify a threat's point of origin
Track its rate of progression and how it spread
See what it is doing
See where it's been
Surgically target and remediate
Monitor +
Detect
AMP for Endpoints
• Prevention, Monitoring + Detection, Response
• Deep Visibility, Context, and Control if something gets in
• Continuous Analysis of File Behavior and Retrospective Security
• Turn on our AV detection engine in AMP for Endpoints to consolidate agents
• Containment and quarantine on endpoint
• Built-in sandbox powered by Threat Grid
• Open APIs for seamless integration
• Agentless protection via CTA
• More than just endpoint, it's the integrated security architecture of AMP Everywhere
PC
Mobile
Linux
Mac
Threat Grid Everywhere
Suspicious File
Analysis Report
Edge
Endpoints
ASA w/ FIREPOWER Services
Meraki
CTA
ESA/ WSA
AMP for Endpoints
AMP for Network
Partner Integration
SECURITY
Security Monitoring Platforms
Deep Packet Inspection
Gov, Risk, Compliance
SIEM
Dynamic Analysis
Static Analysis
Threat Intelligence
AMP Threat Grid
Cisco Security Solutions
Non-Cisco Security Solutions
Suspicious File
Premium Content Feeds
Security Teams
Cisco Cloudlock use cases
Discover and Control
User and Entity Behavior Analytics
Cloud Data Loss Prevention (DLP)
Apps Firewall
Cloud Malware
Shadow IT/OAuth Discovery and Control
Data Exposures and Leakages
Privacy and Compliance Violations
Compromised Accounts
Insider Threats
Authoritative DNS logs
Used to find:
- Newly staged infrastructures
- Malicious domains, IPs, ASNs
- DNS hijacking
- Fast flux domains
- Related domains
User request patterns
Used to detect:
- Compromised systems
- Command and control callbacks
- Malware and phishing attempts
- Algorithm-generated domains
- Domain co-occurrences
- Newly registered domains
Gather intelligence and enforce security at the DNS layer
Any device
Recursive DNS
root
com.
domain.com.
Authoritative DNS
Built into foundation of the internet
Umbrella provides:
Connection for safe requests
Prevention for user and malware-initiated connections
Proxy for:
• URL Inspection
• AV Scan
• Advanced Malware Protection
• Threat Grid sandboxing
Safe request
Blocked request
Demo Jump
Intro:
- Very brief dashboard demo of how AMP and TG are integrated
AMP & TG Demo:
STEP 1 – Non flag of Malware sample
- Generate a malware sample
- Test the sample via VirusTotal
- Download the file (malware) from Box.com -> (GinnyPig client in the demo lab) - the malware is not flagged by the MX, because AMP does not know the "sample"
STEP 2 – Block/Flagged of Malware sample
- Submit the sample to TG – it observes the behavior = verdict that it must block this threat (now it knows the signature).
- Download the file (malware) from Box.com -> (GinnyPig client in the demo lab) - the malware is blocked/flagged by the MX, because AMP knows the "sample" via TG.
UMBRELLA Demo:
- Addressing & VLANs on the MX, on the native VLAN – select OpenDNS. The provisioned public IP is given to the UMBRELLA account.
- Test of URL - UMBRELLA restricts use of the URL: Internetbadguys.com
Recap!
Product update
- Cisco Meraki MX - Where are we today, where are we going!
- Advanced Malware Protection (AMP) – The Judge! You can "move" on, or the journey stops here!
- AMP for Endpoints – AMP on every device adds team effort against threats!
- Threat Grid – Advanced Sandboxing for AMP.
- UMBRELLA - Industry’s first Secure Internet Gateway!
- Cloudlock – Secures your users, data and apps across SaaS, PaaS and IaaS.
Live Demo
- Sample Malware into MX – Cisco Meraki MX is more today and more tomorrow…
Thank you.