Cisco's 2016 Annual Security Report
TRANSCRIPT
Cisco 2016 Annual Security Report
Ali Afshari
Director of Security Sales – Service Provider Canada
May 19th 2016
Report is also posted on Cisco Connect Download Site
I Love This Site
World's Biggest Data Breaches
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Shift Across Internet Governance Landscape Ushers Uncertainty
• Uncertain Free Flow of Information Across the Border
• Relying on Other Mechanisms and Legal Safeguards
• Changing Internet Governance
• Concerns About New Mechanism?
• MARK SULLIVAN 04.30.16 9:30 AM
On Thursday, the Supreme Court gave federal agencies far wider latitude to hack and search into computers around the world, and the decision could have a chilling effect on digital trade relations between the U.S. and Europe.
The court made changes to the Federal Rules of Criminal Procedure that will allow U.S. law enforcement to remotely hack and search computers of unknown location, computers whose location has been obscured by digital means, and even computers of cybercrime victims.
Latest Update
Security Weighs on the Minds of Executives
• 48% of executives very concerned about security
• 92% agreed more information will be expected
• 41% much more concerned than 3 years ago
A View Across Cisco’s Global Telemetry
• 16 billion web requests a day
• 500 billion emails a day
• In aggregate, block almost 20 billion threats per day
• More than 1.1 million unique malware samples daily
• 18.5 billion AMP queries
Cisco’s 2015 Security Capabilities Benchmark Study
• Over 2400 respondents
• CSOs 45%, SecOps 55%
• Large Enterprise 13%, Enterprise 38%, Midmarket 49%
• Conducted over the summer of 2015
• Study included 12 countries: US, Mexico, Brazil, UK, France, Germany, Italy, Russia, India, Australia, China, Japan
Threat Landscape: Resilience vs. Collaboration
• Attackers and attacks continue to be effective
• Defender concern spurring action
• Fragmented response inhibits an effective defense
DNS: Doth Protest Too Much
91.3% of malware uses DNS
68% of organizations don’t monitor it
A blind spot for attackers to gain command and control, exfiltrate data, and redirect traffic
Browser Infections: The Pest That Persists
More than 85% of the companies studied were affected each month
Attack Awareness Fades Confidence
• 59% confident in having the latest technology (-5%)
• 51% have strong confidence in ability to detect a security weakness in advance (0%)
• 54% have strong confidence in ability to defend against attacks (-4%)
• 45% have strong confidence in ability to scope and contain an attack (-1%)
• 54% have strong confidence in ability to verify an attack (+0%)
• 56% review security policies on a regular basis (+0%)
Reliability Breeds Complacency
• 92% of devices surveyed across the Internet were running known vulnerabilities with an average of 26 each
• 31% of devices surveyed across the Internet were End of Service
• 5% of devices surveyed across the Internet were End of Life
Constraints: Budget, Compatibility, and Certification
Security teams may be limited in their ability to carry out their plans
Increased Awareness Drives Effort
More organizations are taking actions to become more prepared for what’s going to happen.
• Security Awareness and Training: 90% (+1%)
• Formal Written Policies: 66% (+7%)
• Outsource Audit and Consulting: 52% (+1%)
• Outsource Incident Response: 42% (+7%)
• Outsource Threat Intelligence: 39% (N/A)
Encrypted Traffic: A Sign of the Times
• Individual Privacy
• Government Compliance
• Organization Security
Encrypted traffic is increasing: it represents over 50% of bytes transferred.
The growing trend of web encryption creates a false sense of security and blind spots for defenders.
Six Tenets of an Integrated Threat Defense
1. Richer network and security architecture needed
2. Best-in-class technology alone cannot deal with threat landscape
3. Integrated threat defense can converge on encrypted malicious activities
4. Open APIs are crucial
5. Requires less gear and software to install and manage
6. Automation and coordination aspects help to reduce TTD, containment, and remediation
Actionable Collaboration is Critical
Actionable collaboration is needed between people, processes, and technology, and on the back-end infrastructure that attackers are using.
• Processes
• People
• Technology
Time to Detection: Reducing Malicious Actors’ Unconstrained Operational Space
17.5 hours vs. 35.3 hours
June (Median), October (Median)
Cisco far outpaces the current industry estimate of 100 to 200 days
Trust, But Verify
Technology vendors need to demonstrate trustworthiness by:
• Creating a Security-Aware Culture
• Providing Rapid Remediation
• Responding to Breaches Quickly
• Following Policies and Processes
• Building Security Into Their Solutions
2016 Annual Security Report
• Attackers are tapping into legitimate resources, becoming adept at deploying hard-to-detect and highly profitable campaigns
• Defender confidence is declining, but awareness is driving action to deploy new strategies
• Collaboration is needed to combat today’s innovative and persistent attacks and develop architecture for tomorrow