© 2015 Cisco and/or its affiliates. All rights reserved. 1
The Importance of Threat-Centric Security
William Young
Security Solutions Architect
It’s Our Time
Security Perspective
The Problem is Threats
Today’s Advanced Malware is Not Just a Single Entity
100% of companies connect to domains that host malicious files or services
54% of breaches remain undiscovered for months
60% of data is stolen in hours
It is a Community that hides in plain sight, avoids detection and attacks swiftly
100 percent of companies surveyed by Cisco have connections to domains that are known to host malicious files or services. (2014 CASR)
Impact of a Breach
[Timeline: START, HOURS, MONTHS, YEARS]
Breach occurs
60% of data in breaches is stolen in hours
54% of breaches remain undiscovered for months
Information of up to 750 million individuals on the black market over last three years
Source: Verizon Data Breach Report 2014
Breach/Detection Time Delta is Not Improving
[Chart: percent of breaches where time to compromise (orange) / time to discovery (blue) was days or less, by year, 2004 to 2013; vertical axis 25% to 100%]
Source: Verizon 2014 Data Breach Investigations Report
If you knew you were going to be compromised, would you do security differently?
A Threat-Centric Approach
ATTACK CONTINUUM
Discover, Enforce, Harden
Detect, Block, Defend
Scope, Contain, Remediate
Visibility and Context
Firewall
App Control
VPN
Patch Mgmt
Vuln Mgmt
IAM/NAC
IPS
Antivirus
Email/Web
IDS
FPC
Forensics
AMD
Log Mgmt
SIEM
Cisco: Covering the Entire Attack Continuum
ATTACK CONTINUUM
Discover, Enforce, Harden
Detect, Block, Defend
Scope, Contain, Remediate
FireSIGHT and pxGrid
ASA
NGFW
Secure Access + Identity Services
VPN
Meraki
NGIPS
ESA/WSA
CWS
Advanced Malware Protection
Cognitive
ThreatGRID
A Threat-Centric Approach
ATTACK CONTINUUM
Point-in-Time Continuous
Discover, Enforce, Harden
Detect, Block, Defend
Scope, Contain, Remediate
Network Endpoint Mobile Virtual Cloud
Today’s Security Appliances
WWW
Context-Aware Functions
IPS Functions
Malware Functions
VPN Functions
Traditional Firewall Functions
Visibility and Context are the Foundation
Workflow (automation) Engine
APIs
Visibility: Broad visibility for context
Control: Set policy to reduce surface area of attack
Threat: Focus on the threat – security is about detecting, understanding, and stopping threats
Breach: Understand scope, contain & remediate
Visibility Must Be Pervasive
Workflow (automation) Engine
Visibility: Discover, Monitor, Inventory, Map
Control: Control, Enforce, Harden
Threat: Detect, Block, Defend
Breach: Scope, Contain, Remediate
BEFORE
ASA
NGFW
VPN
Meraki
ISE
NAC
Network / Devices (FireSIGHT/PXGrid)
Users / Applications (FireSIGHT/PXGRID/ISE)
Files / Data (FireSIGHT/AMP)
DURING AFTER
AMP
ThreatGrid
CTA
NGIPS
ESA/WSA
Reputation
APIs
A Threat-Centric Approach Reduces Complexity and Increases Capability
Collective Security Intelligence
Centralized Management Appliances, Virtual
Network Control Platform
Device Control Platform
Cloud Services Control Platform
Appliances, Virtual Host, Mobile, Virtual
Hosted
The Time is Now for Cisco’s Threat-Centric Approach
Consistent Control
Complexity Reduction
Consistent Policies Across the Network and Data Center
Fits and Adapts to Changing Business Models
Global Intelligence With the Right Context
Detects and Stops Advanced Threats
Advanced Threat Protection
Unmatched Visibility
Thank you.