cisco - global home page - content security update · security platform w/ 80m+ malicious requests...
György Ács
Security Consulting Systems Engineer
3rd November 2015
Content Security Update
Agenda
• Email Security
• Appliance, Cloud, Hybrid
• Web Security
• Web Security Appliance
• Cloud Web Security
• Cognitive Threat Analytics
• OpenDNS
• Cloud Access Security, CAS,
• Elastica
C97-728331-00 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco TALOS: Outstanding cloud-based global threat intelligence
[Diagram labels: Control: Cisco AnyConnect®, Cisco IPS, Cisco CWS, Cisco WSA, Cisco ASA, Cisco ESA. Visibility: Web, Endpoints, Devices, Networks, IPS. Information Updates. Cisco® TALOS.]
• 1.6 million global sensors
• 100 TB of data received per day
• 150 million+ deployed endpoints
• 35% worldwide email traffic
• 13 billion web requests
• 24x7x365 operations
• 40+ languages
• 600+ engineers, technicians, and researchers
• 80+ PH.D., CCIE, CISSP, AND MSCE users
• More than US$100 million spent on dynamic research and development
• 3- to 5-minute updates
• 5,500+ IPS signatures produced
• 8 million+ rules per day
• 200+ parameters tracked
• 70+ publications produced
Email Security http://beta.senderbase.org/ebc_spam/
Global Spam Volume - last 18 months [Average Daily Email and Spam Volume (Billions)]
Spam: 85.97%
Legitimate: 14.02%
Malware: 0.0089%
http://www.senderbase.org/static/spam/#tab=1
Contacts
• Cisco IronPort Anti-Spam
• Report undetected spam to: [email protected]
• Report false-positives to: [email protected]
• Brightmail Anti-Spam
• Report undetected spam to: [email protected]
• Report false-positives to: [email protected]
• Marketing Spam
• Report marketing spam false positives to: [email protected]
• Report marketing spam false negatives to: [email protected]
Cisco Email Security Threat Defense: Complete Inbound Protection
Cisco® TALOS
• SenderBase Reputation Filtering: Drop
• Anti-Spam: Drop/Quarantine
• Anti-Virus: Drop/Quarantine
• Outbreak Filters: Quarantine/Re-write
• Real-time URL Analysis: Deliver, Quarantine, Re-write URLs, Drop
• Advanced Malware Protection (AMP): Drop/Quarantine
cws
DMARC: Standardizing Email Authentication
• Reduce the exposure of your users to phishing
• Tie DKIM and SPF together and address their shortcomings
• Identifies actions to take if message authentication fails for sender’s domains
• Allows for sending of aggregate reports back to sending domain to inform of message disposition
[Diagram labels: DNS Server; Trusted_Partner.com (SIGNED, Verified); Imposter; Cisco ESA; Drop/Quarantine; Report; DMARC p=reject]
URL Defense: Integrated email and web security
Email Contains URL
URL Categorization
Cisco TALOS
Rewrite
• Defang: BLOCKEDwww.playboy.comBLOCKED, BLOCKEDwww.proxy.orgBLOCKED
• Replace: “This URL is blocked by policy”
• Send to Cloud
Cisco Zero-Hour Malware Protection: Advanced Malware Protection
• Advanced Malware Protection: Cloud Powered Zero-Hour Malware Detection
• Outbreak Filters: Telemetry Based Zero-Hour Virus and Malware Detection
[Diagram labels: File Reputation; File Sandboxing; Known File Reputation; Unknown files are uploaded for sandboxing; Reputation update; SourceFire AMP integration]
Outbreak filters defend against blended attacks: Integrated email and web security
[Diagram labels: Link is clicked; Dynamic, real-time inspection via HTTP; Cisco TALOS; Website is clean; Website is blocked]
Block page:
Cisco Security
The requested web page has been blocked
http://www.threatlink.com
Cisco Email and Web Security protects your organization’s network from malicious software. Malware is designed to look like a legitimate email or website which accesses your computer, hides itself in your system, and damages files.
Outbreak Filters in Action: User Experience
Before
Subject: Request for Review
http://www.threatlink.com/
After
Subject: [SUSPICIOUS MESSAGE] Request for Review
http://secure-web.Cisco.com/auth=X&URL=www.threatlink.com
WARNING: This appears to be a malicious email
Message body:
Request for Review
Paul,
I forward my thesis to you for review.
Please open it and provide comments.
www.Personal Site.com/Thesis_Draft.pdf
Hope all’s well since Verizon.
Best regards,
Friend
Identified: Targeted Attack
Content: Malware Payload
Vector: Email
Action: Blocked
Cisco TALOS - Cloud Security Enforcement
Cisco Cloud Web Security
Request for Review
WARNING: This appears to be a malicious email
Paul,
I forward my thesis to you for review.
Please open it and provide comments.
www.Personal Site.com/Thesis_Draft.pdf
Hope all’s well since Verizon.
Best regards,
Friend
Cisco Outbreak Filters Defends against Targeted Attacks
Malware Payload Blocked
http://secure-web.Cisco.com…
Cisco Security
The requested web page has been blocked
http://www.threatlink.com
Cisco Email and Web Security protects your organization’s network from malicious software. Malware is designed to look like a legitimate email or website which accesses your computer, hides itself in your system, and damages files.
IPv6 Support: Defense for email systems against emerging IPv6 threats
• Supports: IPv4/IPv6 addressing – single or dual stack – with Anti-Spam, Anti-Virus, Content Filters, DLP, Encryption, and more
• Translates: IPv6 in and IPv4 out… or vice versa
• Full reporting and Message Tracking support
IPv6 Addressing
Is your Email Security filtering content with IPv6 addressing appropriately?
ESA v9.0 – Feature rich release
• Enhanced File-types support for sandboxing
PDFs, MS Objects,
Inspection within archives and encoded formats
• Anti Snowshoe
• S/MIME signing and encryption
• Larger disk support
• Flexible disk capacity allocation
• Virtual SMA support
• AsyncOS API
Cisco ESA 9.5
• Graymail Detection and Safe Unsubscribing
• Web Interaction Tracking
• System health monitoring enhancements
• Support for On-Premises File Analysis
• Support for TLS v1.2
Continuous Analysis
ESA Local AMP ThreatGrid
Local LAN
Web Security http://beta.senderbase.org/ebc_malware/
Customers Are Challenged with Today’s Evolving Threat Landscape
Data Loss
Acceptable Use Violations
Malware Infections
Talos, Cisco Web Security Appliance (WSA)
[Architecture diagram; recoverable labels follow]
• Phases: Before, During, After
• Capabilities: Web Filtering, Cloud Access Security, Web Reputation, Application Visibility and Control, Parallel AV Scanning, Data-Loss Prevention, File Reputation, Cognitive Threat Analytics*, File Retrospection, File Sandboxing
• Policy actions: Allow, Warn, Block, Partial Block
• Client Authentication Technique; Cisco® ISE
• Traffic Redirections: WCCP, Load Balancer, Explicit/PAC, PBR, AnyConnect® Client
• Locations: HQ, Campus Office, Branch Office, Roaming User
• Admin: Management, Reporting, Log Extraction
• Appliance, Virtual
* Roadmap feature: Projected release 2H CY15
Cisco Web Usage Controls: URL Filtering and Dynamic Content Analysis
URL Database
If Known: Allow, Warn, Block
If Unknown, the Page Is Analyzed:
1. Scans text
2. Scores relevancy
3. Calculates model document proximity
4. Returns closest category match
5. Enforces policy
Categories: Finance, Adult, Health
Policy actions: Allow, Warn, Partial Block, Block
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
CWS PREMIUM: Layer 1, Layer 2, Layer 3
• AMP: File Reputation, Dynamic Malware Analysis, File Retrospection
• CTA: Anomaly detection, Trust modeling, Event classification, Entity modeling, Relationship
AMP Delivers Point-in-Time, Continuous, and Retrospective Security
[Diagram labels: Policy; AV; AMP File Reputation; AMP Dynamic Malware Analysis; AMP Retrospection; File Unknown; Retrospective Incidents; AMP Cloud]
• Know Where It All Started
• Understand How It Entered the System
• See Everywhere It Has Been
• Determine What It Has Done
• Learn How to Stop It
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
Combining the Power of ISE with WSA: WSA with ISE Process Flow
Cisco® ISE acquires important context and identity from the network.
It monitors and provides visibility into unauthorized access.
Cisco ISE provides differentiated access to the network; Cisco TrustSec® Security provides segmentation throughout the network; and Cisco Web Security Appliance provides web security and policy enforcement.
Consistent Secure Access Policy
• Who: Doctor; What: Laptop; Where: Office
• Who: Doctor; What: iPad; Where: Office
• Who: Guest; What: iPad; Where: Office
[Diagram labels: Cisco® Identity Service Engine; WSA; Confidential Patient Records; Internal Employee Intranet; Internet]
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
WSA News
WSA / AsyncOS 8.8: ICAPs (for DLP vendors) and AMP ThreatGrid integration
Recommendation: min. WSA 9.0
Cisco Web Security Advanced Reporting App 4.5: WSA and CWS logs
Referral header support (allow YouTube channel if you have good referral)
[Diagram labels: WSA logs; Cloud Web Security, CWS; CWS logs; Cloud Based AMP ThreatGrid; Local AMP ThreatGrid; ICAPs; DLP vendor]
Cognitive Threat Analytics, CTA (for CWS, WSA, and other)
Cognitive Threat Analytics
• As users go through a web proxy, access logs are generated
[Diagram labels: Proxy; HTTP/HTTPS; HTTP/HTTPS Headers (meta data); Cisco Cognitive Threat Analytics (CTA)]
Time | IP | URL | User Agent | …
2:45 | 54.62.37.10 | www.google.com | Mozilla (…
2:45 | 68.62.37.10 | www.yahoo.com | Mozilla (…
2:45 | 22.62.37.10 | www.cnn.com | Chrome (…
2:45 | 59.62.37.10 | www.seznam.com | Mozilla (…
Cognitive Threat Analytics: Key features
Unique threat detection approach
Anomaly Detection & Big Data Machine Learning
• Understand context
• Continuously analyze data
• Make decisions
• Prevent testing in advance
• Always evolve
• Find threats faster
Demo Time !
Elastica, Cisco Cloud Access Security
How does Elastica Work?
Elastica CloudSOC™: Comprehensive Cloud App Security Stack
• AUDIT Shadow IT and Data Risk
• INVESTIGATE incidents and respond
• PROTECT against intrusions in cloud apps accounts
• DETECT exploitations of cloud app accounts
StreamIQ™, ThreatScore™
Gateway, Securlets, Log Files
1. Direct Upload 2. Direct Stream 3. On Premise VM
1. PAC files 2. Chaining with Cisco 3. Lite Agent (roadmap)
Elastica CloudSOC
Main Goals
• SaaS Visibility: Identify Shadow IT & Monitor cloud app usage in real time
• Granular Control: Gain control of Shadow Data in a cloud-first, mobile-first world
• Intelligent Protection: Combat evolving threats using data science
SHADOW DATA RISK ASSESSMENT
• External and public content exposures, including compliance risks
• Inbound risky content shared with employees (e.g. malware, IP, etc)
• Risky users and user activities
SHADOW IT RISK ASSESSMENT
• Analytics on your cloud app risks and compliance issues
• App usage anomalies across your organization
• What apps you should sanction and what apps you should block
As simple as enabling a feature from the CWS back-office portal
Automated customer provisioning at Elastica
Automated log transfer without any customer setup/deployment effort
Cisco CWS Integration
OpenDNS
Recap Differentiators
Note: This is usually our first slide in intro decks
GLOBAL NETWORK
• 80B+ DNS requests/day
• 65M+ biz & home users
• 100% uptime
• Any port, protocol, app
+
UNIQUE ANALYTICS
• security research team
• automated classification
• BGP peer relationships
• 3D visualization engine
=
World’s Largest Security Platform w/ 80M+ malicious requests blocked/day
PRODUCTS & TECHNOLOGIES
UMBRELLA (Enforcement): Network security service protects any device, anywhere
INVESTIGATE (Intelligence): Discover and predict attacks before they happen
A New Layer of Breach Protection
UMBRELLA
• Threat Prevention: Not just threat detection
• Turnkey & Custom API Integrations: Does not require professional services to setup
• Protects On & Off Network: Not limited to devices forwarding traffic through on-prem appliances
• Always Up to Date: No need for device to VPN back to an on-prem server for updates
• Block by Domains for All Ports: Not just IP addresses or domains only over ports 80/443
A Single, Correlated Source of Information
INVESTIGATE
WHOIS record data
ASN attribution
IP geolocation
IP reputation scores
Domain reputation scores
Domain co-occurrences
Anomaly detection (DGAs, FFNs)
DNS request patterns/geo. distribution
Passive DNS database
Competing Vendors
Not available
Not available
Not available
Evolution of Command & Control Callbacks
• HARD-CODED IP
• “FAST FLUX”
• DOMAIN GENERATION ALGORITHM
[Diagram labels: bad.com?, baa.ru?, bid.cn, and the IP addresses @23.4.24.1, @34.4.2.110, @23.4.34.55, @44.6.11.8, @129.3.6.3, @8.2.130.3, @12.3.2.1, @67.44.21.1]
How Our Security Classification Works
• Ingest millions of data points per second
• Apply statistical models and human intelligence
• Identify probable malicious sites
[Diagram labels: a.ru, b.cn, 7.7.1.3, e.net, 5.9.0.1, p.com/jpg]
Demo Time !
Agenda
• Email Security
• Appliance, Cloud, Hybrid
• Web Security
• Web Security Appliance
• Cloud Web Security
• Cognitive Threat Analytics
• OpenDNS
• Cloud Access Security, CAS,
• Elastica