Cisco Umbrella overview

Bell Sales Rally – January 2017: First line of defense for threats on the internet, Cisco Umbrella

Upload: cisco-canada

Post on 14-Apr-2017

TRANSCRIPT

Page 1: Cisco umbrella overview

Bell Sales Rally – January 2017

First line of defense for threats on the internet

Cisco Umbrella

Page 2: Cisco umbrella overview

Agenda

Problem

Introducing Cisco Umbrella

Our customers

Next steps

Page 3: Cisco umbrella overview

Problem

Page 4: Cisco umbrella overview

How IT was built

Workplace desktops

Business apps

Critical infrastructure

Internet

Page 5: Cisco umbrella overview

IT today

Business apps: Salesforce, Office 365, DocuSign, etc.

Critical infrastructure: Amazon, Rackspace, Windows Azure, etc.

Branch office

Roaming laptops

Workplace desktops

Business apps

Critical infrastructure

Internet

Page 6: Cisco umbrella overview

By 2018, Gartner estimates:

25% of corporate data traffic will bypass perimeter security.

Page 7: Cisco umbrella overview

Your security challenges we can solve

Malware and ransomware

Gaps in visibility and coverage

Cloud apps and shadow IT

Difficult to manage security

Page 8: Cisco umbrella overview

Introducing Cisco Umbrella

Page 9: Cisco umbrella overview

Cisco Umbrella

Cloud security platform

Built into the foundation of the internet

Intelligence to see attacks before launched

Visibility and protection everywhere

Enterprise-wide deployment in minutes

Integrations to amplify existing investments

Malware

C2 Callbacks

Phishing

208.67.222.222

Page 10: Cisco umbrella overview

Where does Umbrella fit?

Malware

C2 Callbacks

Phishing

[Diagram: existing security stack by location]

HQ: Sandbox, NGFW, Proxy, Netflow, AV (network and endpoint)

BRANCH: Router/UTM, AV (network and endpoint)

ROAMING: AV (endpoint)

First line

It all starts with DNS

Precedes file execution and IP connection

Used by all devices

Port agnostic

Page 11: Cisco umbrella overview

Built into foundation of internet

Umbrella provides:

Connection for safe requests

Prevention for user- and malware-initiated connections

Proxy inspection for risky URLs

Safe request

Blocked request

Page 12: Cisco umbrella overview

Prevents connections before and during the attack

Command and control callback

Malicious payload drop

Encryption keys

Updated instructions

Web- and email-based infection

Malvertising / exploit kit

Phishing / web link

Watering hole compromise

Stop data exfiltration and ransomware encryption

Page 13: Cisco umbrella overview

Malware doesn’t just happen

Intelligence to see attacks before launched

ATTACK 1: Ransomware; Email delivery; Web server; Domain/IP

ATTACK 2: Malware; Malvertising; Web server; Domain/IP

Build. Test. Launch. Repeat.

Page 14: Cisco umbrella overview

Our view of the internet

80B requests per day

12K enterprise customers

65M daily active users

160+ countries worldwide

Page 15: Cisco umbrella overview

Intelligence

Statistical models

Co-occurrence model: Identifies other domains looked up in rapid succession of a given domain

Natural language processing model: Detect domain names that spoof terms and brands

Spike rank model: Detect domains with sudden spikes in traffic

Predictive IP space monitoring: Analyzes how servers are hosted to detect future malicious domains

Dozens more models

2M+ live events per second

11B+ historical events

Page 16: Cisco umbrella overview

Our efficacy

Discover: 3M+ daily new domain names

Identify: 60K+ daily malicious destinations

Enforce: 7M+ malicious destinations while resolving DNS

Page 17: Cisco umbrella overview

Visibility and protection for all activity, anywhere

[Diagram: Umbrella covering HQ, Mobile, Branch, Roaming and IoT; on-network and off-network; all ports and protocols]

All office locations

Any device on your network

Roaming laptops

Every port and protocol

Page 18: Cisco umbrella overview

IDENTITY REPORTS

Quickly spot and remediate victims

Top activity and categories per device or network

Allowed, blocked, and proxied traffic per device or network

Page 19: Cisco umbrella overview

DESTINATION REPORTS

Quickly assess extent of exposure

Top identities associated with malicious activity

Local vs. global trends for malicious domains

Page 20: Cisco umbrella overview

CLOUD SERVICES REPORT

Effectively combat shadow IT

Total and newly seen cloud services

Cloud apps by classification and traffic volume

Page 21: Cisco umbrella overview

Enterprise-wide deployment in minutes

ANY DEVICE ON NETWORK

ROAMING LAPTOP

On-network coverage: with one setting change; integrated with Cisco ISR 4K series

Off-network coverage: with AnyConnect VPN client integration, or with any VPN using lightweight Umbrella client

BRANCH OFFICES

Page 22: Cisco umbrella overview

Integrations to amplify existing security

Block malicious domains from partner or custom systems

Umbrella

YOUR CURRENT SECURITY STACK

Appliance-based detection + Others

Threat intelligence platform + Others

AMP Threat Grid: Threat analysis feed + Others

Python Script, Bro IPS: Custom integrations + Others

IOCs

Page 23: Cisco umbrella overview

Our customers

Page 24: Cisco umbrella overview

“As FireEye sees a threats, it immediately updates Umbrella, which then protects all users on and off the network...we have seen a 4-5 fold decrease in alerts.”

Ron Keyser, CIO, ATS Automation

“Deployed to 7 facilities in 5 countries in less than 3 hours. The ability to onboard with no client and no new physical appliance to manage...was a big advantage.”

Markus Schwaiger, IT Security Analyst, Hirschvogel Automotive

“As soon as we turned Umbrella on, we gained visibility into the traffic flows across our environment.”

Mark Arnold, Director of Information Security, PTC

“Saved thousands of remediation hours with 70% decrease in virus-related tickets…saved thousands of dollars in ransom costs when it blocked a CryptoLocker callback.”

Eric Rockwell, President and CIO, centrexIT

“As we assessed our security posture, we quickly realized that visibility was a major challenge and that most of our attacks started with DNS.”

Henry Duong, Infrastructure Security Manager, University of Kansas Hospital

Integrations to extend security

Enterprise-wide deployment in minutes

Visibility everywhere

Intelligence to see attacks before launched

Built into the foundation of the internet

Real world results from five customers

Page 25: Cisco umbrella overview

AUTOMOTIVE SUPPLIER CASE STUDY

Number of users and locations protected: 2.5K users across 7 facilities in Germany, Poland, India, China and the U.S.

Challenge: Secure a globally distributed network against potential threats.

Solution: Umbrella

Impact:

• Up to 50% reduction in alerts from IPS and AV

• Over 20% reduction in remediation time

“Now that Umbrella has helped us become much more proactive, we’ve been able to invest resources in work that has more strategic value to the organization.”

Markus Schwaiger, IT Security Analyst

Page 26: Cisco umbrella overview

SOFTWARE CASE STUDY

Number of users and locations protected: 8K end users across 7 major hubs worldwide, including U.S., South America, India, Singapore, and the U.K.

Challenge: Reduce malware infections, increase insight of potential threat sources, improve reporting.

Solution: Umbrella and Investigate

Impact:

• Prevent malicious connections and data exfiltration

• Extend protection with FireEye integration

• Obtain intelligence on threat sources before attacks

• Reduced reporting from hours to minutes

“It took less than ten minutes for us to point our DNS traffic to the Umbrella Global Network. We could protect our remote offices around the world in less than an hour and a half.”

Mark Arnold, Director of Information Security

Page 27: Cisco umbrella overview

Enterprises worldwide use Umbrella

IT services, Legal, Manufacturing, Retail, Technology, Telecom

Education, Finance, Government, Healthcare, Insurance, Energy

Page 28: Cisco umbrella overview

Umbrella

Start blocking in minutes

Easiest security product you’ll ever deploy

1 Signup

2 Point your DNS

3 Done

Page 29: Cisco umbrella overview