© 2006 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 1
Threat Control and Containment in Intelligent Networks
Philippe Roggeband - [email protected] Manager, Security, Emerging Markets
Agenda: Threat Control and Containment
Trends in motivation
The Business Context
Self-Defending Networks
What's the ROI?
Q&A
Trends in motivations
The threat economy
Some statistics
Threat Economy: In the Past
Writers: Tool and Toolkit Writers; Malware Writers
Asset: Virus, Worm, Trojans; Compromise Individual Host or Application; Compromise Environment
End Value: Espionage (Corporate/Government), Fame, Theft
Threat Economy: Today
Value chain: Writers, First Stage Abusers, Middle Men, Second Stage Abusers, End Value
Writers: Tool and Toolkit Writers; Malware Writers
Assets: Worms, Viruses, Trojans, Spyware; Bot-Net Creation; Bot-Net Management (For Rent, for Lease, for Sale); Personal Information; Electronic IP Leakage; Compromised Host and Application
Abusers and Middle Men: Hacker/Direct Attack; Machine Harvesting; Information Harvesting; Internal Theft: Abuse of Privilege; Information Brokerage; Spammer; Phisher; Extortionist/DDoS-for-Hire; Pharmer/DNS Poisoning; Identity Theft
End Value: Financial Fraud, Commercial Sales, Fraudulent Sales, Click-Through Revenue, Espionage (Corporate/Government), Fame, Extorted Pay-Offs, Theft
Application Security: Server-Side Attacks
Attacks on application infrastructure continue, largely on "custom applications" (75% of attacks at the application layer target custom apps). Web front-ends continue to be vulnerable, largely because available protections are not implemented.
Popular Attacks:
Injection attacks: Manipulating a backend system by injecting commands and/or code into fields of a front-end query system. SQL injection is the most famous form: it injects SQL commands into fields in a web page.
Cross-site scripting: Malicious gathering of data from an end-user by injecting a script into a web page. Often the script links to an offsite malicious web page.
Cookie tampering: Manipulation of session information stored in a cookie. Allows manipulation of the session, even when input validation is used in the application.
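As an added example (not code from the Cisco deck), the injection and cookie-tampering points above in Python: a lookup that splices a form field into SQL beside its parameterized form, and a session cookie whose fields are protected by an HMAC so a client-side edit of the session data is rejected even though every field value still looks valid. The table contents, the server key and the cookie layout are constructed for illustration.

```python
import hashlib
import hmac
import sqlite3

# Constructed in-memory table standing in for the web app's backend.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db

def lookup_vulnerable(db, name):
    # The form field is spliced into the SQL text, so SQL typed into the
    # field becomes part of the query (the injection the slide describes).
    sql = "SELECT name FROM users WHERE name = '%s'" % name
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, name):
    # Placeholder binding keeps the field value as data, never as SQL.
    rows = db.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]

# Assumed server-side secret; it is never sent to the client.
COOKIE_KEY = b"constructed-server-secret"

def issue_cookie(session):
    # Serialize the session (e.g. {"user": "alice", "role": "user"}) and
    # append an HMAC so any client-side edit of the fields is detectable.
    body = "&".join(f"{k}={v}" for k, v in sorted(session.items()))
    mac = hmac.new(COOKIE_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{mac}"

def read_cookie(cookie):
    # Return the session only if the MAC verifies; None means the cookie was
    # altered after issue, however well-formed its field values are.
    body, sep, mac = cookie.rpartition("|")
    if not sep:
        return None
    expected = hmac.new(COOKIE_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None
    return dict(kv.split("=", 1) for kv in body.split("&"))

if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, "x' OR '1'='1"))    # ['alice', 'bob']
    print(lookup_parameterized(db, "x' OR '1'='1"))  # []
    c = issue_cookie({"user": "alice", "role": "user"})
    print(read_cookie(c.replace("role=user", "role=admin")))  # None
```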
Attacks on Data: Data Leakage
One of the year's "Hot Topics". A broad term encompassing multiple different challenges:
Security of data at rest
Security of data in motion
Identity-based access control
Both malicious and inadvertent disclosures
The issue has become topical typically for "compliance" reasons; however, the broader topic involves business risk management:
How do I avoid inadvertent disclosures?
How do I protect my information assets from flowing to my competitors?
How do I avoid ending up in the news?
Evolving Business Context
Explaining Security in Business Terms
Information is an asset. Protection of valuable assets against: Loss, Misuse, Disclosure, Damage
Information Security benchmark: Confidentiality, Integrity, Availability
Security = Top Business Issue
Top Business Trends (Source: Gartner Group, 2004), by ranking:
1. Security breaches/business disruptions
2. Operating costs/budgets
3. Data protection and privacy
4. Need for revenue growth
5. Use of information in products/services
6. Economic recovery
7. Single view of customer
8. Faster innovation
9. Greater transparency in reporting
10. Enterprise risk management
Top Security Challenges (Source: CSO/Cisco Proprietary Research, April 2006), by ranking:
1. Company growth
2. Volume and complexity of network traffic
3. Lack of key security skills
4. Limited budget
5. Regulatory compliance
6. Educating executives on risks
7. Scope, volume and proliferation of data/devices
8. Mobile clients
9. Not enough security staff
10. Wireless LANs
Stakeholders in Network Security
Boards
Executive Management
I.T. Staff
Employees
Auditors
External Legal Counsel
Business Leaders & Security Axioms
There is no such thing as 100% security
Security is not a one-time effort
Good security involves: People, Process, Technology
"Use proven products from reputable suppliers" (source: I.T. Governance Institute)
Security wheel (a continuous cycle): Secure, Monitor, Test, Improve
Security Standards & Legislations (partial list)
ISO 17799
BS 7799
NIST 800
ISO 27001
CobIT
TickIT
ITIL
ISO 13335
ISO 15408
COSO
SOX
EU Directive on Data Protection
HIPAA
GLBA
Basel II
EC Privacy
Self-defending Networks
Cisco Self-Defending Network: A systems approach leveraging the network
Integrated: Enabling every element to be a point of defense and policy enforcement
Collaborative: Collaboration among the services and devices throughout the network to thwart attacks
Adaptive: Proactive security technologies that automatically prevent threats
Self-Defending Network Defined
Four pillars on a Secure Network Platform: Threat Control, Confidential Communications, Secure Transactions, Operational Control
Threat Control: Technologies and security services to
• Mitigate the effects of outbreaks
• Protect critical assets
• Ensure privacy
Secure Network Platform:
• Security as an integral, fundamental network capability
• Embedded security leverages network investment
Operational Control: Efficient security management, control, and response
Network as Platform for Security
Integrated Services Routers: Integrate Cisco IOS Firewall, VPN, and Intrusion Prevention System (IPS) services across the Cisco router portfolio. Deploy new security features on your existing routers using Cisco IOS Software. NAC-enabled.
Cisco Catalyst Switches: Denial-of-service (DoS) attack mitigation. Man-in-the-middle attack mitigation. Integrated security service modules for high-performance threat protection and secure connectivity. NAC-enabled.
Adaptive Security Appliances: High-performance firewall, IPS, network antivirus, and IPSec/SSL VPN technologies all in one unified architecture. Device consolidation reduces overall deployment and operations costs and complexities. NAC-enabled.
"Comprehensive and simple—almost the holy grail." Garth Brown, President, Semaphore
Threat Control and Containment: Proactive, Adaptive Mitigation of Outbreaks and Infection
Advanced Technologies: Behavioral-based endpoint protection, DDoS mitigation, intrusion prevention, network antivirus, policy enforcement, proactive response
Benefits:
Proactively protects against known and unknown threats
Enforces endpoint compliance for more manageable patching and updating
Proactively contains infections and outbreaks with distributed mitigation
Reduces operational costs
Confidential Communications: Secure Data, Voice, Video, and Wireless
Advanced Technologies
Advanced IPSec and SSL VPN Services, secure voice, secure wireless
Benefits
Enjoy productivity gains
Increase flexibility
Maintain privacy and confidentiality
Cost-effectively extend reach of network
Secure Transactions: Protect Business Assets Against Theft and Exposure
Advanced Technology
Application-layer inspection
Benefits
Prevent application availability disruption
Ensure customer privacy
Protect business assets from exposure
Reduce litigation risk
Operational Control and Policy Management: Best Practices Enablement
Simplified Environment = Greater Visibility, Easier to Manage
Self-Defending Network Fabric functions: Provisioning, Monitoring, Analysis, Mitigation, Auditing, Identity
Benefits:
Increase speed and accuracy of policy deployment
Gain visibility to monitor end-to-end security
More rapidly respond to threats
Enforce corporate policy compliance
Enable proper workflow management
Day Zero and Intrusion Protection Across the Enterprise
The Industry's Most Complete Intrusion Prevention Solution
[Architecture diagram spanning Service Provider, Perimeter and internal network]
Roles shown: Day Zero Endpoint Protection; Server Protection; DDoS and Anti-Spoofing Mitigation; Perimeter Protection; NAC: Enforce Security Policies; Identify and Control Outbreaks; Unified Management, Correlation, and Analysis
Components shown: CSA (on endpoints and servers), Cisco Guard, Cisco PIX, Cisco ASA, Cisco IPS 4200, Cisco ISR, Cisco Catalyst Service Modules, CS-Manager, CS-MARS
But what's the ROI?
The Insurance Policy Calculation
[Chart: Total Cost of Ownership (Low to High) plotted against Risk (Low to High). The Total Cost Curve is bounded by the Acceptable Risk line and the Maximum Allowed Cost line; the Optimal Cost-Risk Solution is the point on the curve that satisfies both.]
Because 100% security can never be reached, security should be positioned to meet both the acceptable risk and total cost of ownership requirements.
Benefits of Self-Defending Networks
IMPROVED VALUE:
Reduces integration costs: security is already integrated into the network
Allows proactive, planned upgrades at traditional IT refresh cycles
Improves efficiency of security management
Why Cisco? We Are Committed to Security
"Because the network is a strategic customer asset, the protection of its business-critical applications and resources is a top priority."
John Chambers, CEO, Cisco Systems
Product and Technology Innovation
1500 security-focused engineers
15 acquisitions added to our solution portfolio
65+ NAC partners worked collaboratively with us to deliver an unprecedented security vision
Responsible Leadership
NIAC Vulnerability Framework Committee
Critical Infrastructure Assurance Group
PSIRT—responsible disclosure
MySDN.com: intelligence and best practices sharing
Some Closing Thoughts
Q and A