Glenn Welby
Global Security Sales Organisation
November 2016
Find yourself in the Future Fighting Cyber crime-what problems are we fixing?
What is the problem?
Rapid Digital Disruption on a Massive Scale
500B In 2030
50B In 2020
15B Devices Today
$19 Trillion Opportunity
Digital Disruption Drives the Hacker Economy
Attack Sophistication, Threat Actors, Attack Surface
…Creating an ever-evolving, dynamic threat landscape
The Result is Constantly Evolving Challenges
• Protect Infrastructure and Critical Data
• Secure the Mobile Workforce
• Defend Across the Extended Network: Network + Endpoint + Cloud
• Enable Business Growth: New Business Value, New Business Models
Asymmetric battles are greater than our ability to respond
Persistent Attacks
Overwhelmed Defenders
Innovative Methods
Fragile Infrastructure
Shifting Tactics
Rising Vulnerabilities
Encryption Dilemma
Global Operations
Current Threat Landscape
• Evolution of Ransomware
• Advances in Malicious Tradecraft
• Questionable Network Hygiene
• Conflicting Geopolitical Perspective
Attacker's Infrastructure Built to be Resilient
Designed to evade and reconstitute
Why is there a problem?
Direct Attacks Generate Big Profits
More efficient and more lucrative
What to do to fix it?
Security practitioners need to identify and constrain the operational space of the adversaries
Actionable Collaboration is Critical
Actionable collaboration is needed between people, processes, and technology, and on the back-end infrastructure that attackers are using.
Processes
People
Technology
DNS: Doth Protest Too Much
91.3% of malware uses DNS
68% of organizations don’t monitor it
A blind spot for attackers to gain command and control, exfiltrate data, and redirect traffic
Cyber Defence is sexy!
- everybody’s doing it
Security Weighs on the Minds of Executives
• 48% Of Executives Very Concerned About Security
• 92% Agreed More Information Will Be Expected
• 41% Much More Concerned Than 3 Years Ago
But is confusing…. who do you choose?
Cisco Confidential 18© 2015 Cisco and/or its affiliates. All rights reserved.
Security Challenges
Security Silos Complicate Protection
• Startups Receiving VC funding in last 5 years: 1208, $7.3B
• Security Vendors for Some Customers: 54
• Demand for Security Talent: 12x
• Changing Business Models
• Dynamic Threat Landscape
• Complexity and Fragmentation
[Figure: security products mapped to technology functions across the BEFORE, DURING and AFTER phases]
Technology Function: Baseline Systems; Predict Attacks; Proactive Exposure Analysis; Harden and Isolate Systems; Divert Attackers; Prevent Incident; Detect Incidents; Confirm and Prioritize Risk; Contain Incidents; IR - Investigate/Forensics; Design/Model Change; Remediate/Make Change
Products: NGIPS; Encryption; Network-based Malware Sandboxes; Endpoint SIEM/Correlation and Analytics; Advanced Threat Defense; App Control/Whitelisting; Threat Intelligence/Intelligence Broker; AV/Next Gen AV; Patch Management; DLP; Honeypot; MDM; Endpoint Mgmt.; Incident Response (incl. Arbitration, Forensics, Automatic Incident Generation, Threat Intelligence and Attack Path Analysis, Journaling, Case Mgmt/Workflow); Micro Virtualization/Process Isolation; Host based IPS; Web Security; Firewall; NGFW; NAC + Identity; VPN; AVC; Email Security; Advanced Malware Protection; Network Behavior Analysis; Patch / Vuln. Mgmt; AV / MRL Forensics; SIEM
How is Cisco addressing the challenge?
Six Tenets of an Integrated Threat Defense
1. Richer network and security architecture needed
2. Best-in-class technology alone cannot deal with threat landscape
3. Integrated threat defense can converge on encrypted malicious activities
4. Open APIs are crucial
5. Requires less gear and software to install and manage
6. Automation and coordination aspects help to reduce TTD, containment, and remediation
Cisco Is Investing in Security Growth
• Cisco’s #1 Priority
• Threat-Centric Security
• Billions Invested
• 5K People Strong
• Cognitive, Sourcefire, ThreatGRID, Neohapsis, OpenDNS, Portcullis, Lancope
• Broad/Deep Portfolio
• Trusted Advisor
• #1 Cybersecurity Company
• Expanding Services Capabilities
• Pervasive Security
Integrated Architectural Approach
Unified Management
Endpoint, Cloud, Network
Visibility
Threat Intelligence
Services
A View Across Cisco’s Global Telemetry
• 16 billion web requests a day
• 600 billion emails a day
• In aggregate, block almost 20 billion threats per day
• More than 1.5 million unique malware samples daily (17/sec)
• 18.5 billion AMP queries
• 214k AMP queries/sec
Why Cisco
• Market Leader
• Committed to Security Innovation
• Strongest Portfolio & Architecture
Game Changing Innovation
Reduced Time to Detection
Industry: 100 Days vs. Cisco: ~13 Hours
Source: Cisco Midyear Security Report, 2016
Choose Cyber Defence ..its a job for life
[Infographic: Cisco Netacad APJC 2015 student survey]
STUDENTS WHO ATTENDED ARE STUDYING: 68% CCNA ROUTING + SWITCHING STUDENTS, 11% CCNA SECURITY STUDENTS, 9% CCNP STUDENTS
Panel titles: THIS SESSION HELPED STUDENTS IDENTIFY THE STEPS THEY NEED TO TAKE IN THEIR CAREER JOURNEY; VERY SATISFIED WITH THE EVENT; THIS SESSION HELPED STUDENTS IDENTIFY THEIR FUTURE CAREER IN TECHNOLOGY (percentages shown: 85%, 84%, 93%, 70%)
THOSE WHO ATTENDED WOULD LIKE TO SPECIALISE IN THESE TECHNOLOGIES AS THEIR CAREER FOCUS: CYBERSECURITY, R&S, WIRELESS, IoE, CLOUD COMPUTING (percentages shown: 66%, 45%, 37%, 36%)
November, 2016
@savgoust
Find Yourself In The Future Fighting Cyber Crime
Based on Lockheed Martin’s Cyber Kill Chain
1. Reconnaissance: Harvest information to create attack strategy and toolset
2. Weaponization: Coupling exploit with backdoor into deliverable payload
3. Delivery: Delivering weaponized bundle to the victim via email, web, USB, etc.
4. Exploitation: Exploiting a vulnerability to execute code on victim’s system
5. Installation: Installing malware on the asset
6. Command & Control: Command channel for remote manipulation of victim’s system
7. Actions on Objectives: With ’Hands on Keyboard’ access, intruders accomplish
Phases: Preparation, Intrusion, Active Breach
Stages: RECON, STAGE, LAUNCH, EXPLOIT, INSTALL, CALLBACK, PERSIST
Don’t believe the hype….
(https://en.wikipedia.org/wiki/Don't_Believe_the_Hype)
Capability Defense against the “Kill Chain”
[Figure: End-to-End Infrastructure Defense capabilities mapped to kill chain stages]
Stages: TARGET (RECON, STAGE); COMPROMISE (LAUNCH, EXPLOIT, INSTALL); BREACH (CALLBACK, PERSIST)
Capabilities shown: NGIPS, NGFW, Flow Analytics, Network Anti-Malware, Host Anti-Malware, DNS Security, Web Security, Email Security, Threat Intelligence, Retrospection
Reduce your threat exposure
• Network Firewalling: Block unauthorized access and activity by controlling traffic flow
• Application Visibility and Control (AVC): Tailor application behavior to reduce attack surface and risk of data loss
• URL Filtering: Restrict access to specific sites and sub-sites, as well as categories of sites
• VPN Capabilities: Protect both site-to-site connections and remote users with granular control
• Next Generation Intrusion Prevention System (NGIPS): Detect and prevent threats from entering your network
Control It All from a Single Location
Network, Data, and Application
• Secure access from any location, regardless of connection type
• Apply access and usage policies across entire network
• Monitor access, activity, and compliance of noncorporate assets, take containment actions when needed
Diagram labels: Remote User, Contractor, Guest, Wireless, Wired, Admin, Enterprise Mobility, Partner, VPN, Branch, Headquarters
Most used attack vectors – Web and Email
Threat vector: Dropper, Watering hole, Spear phishing
Rows: Approach, Tactic, Impact
• Infect or inject a trusted site
• Conduct reconnaissance on a target
• Deliver an exploit that will attack
• Target users through compromised links
• Leverage social engineering
• Deliver an exploit that will attack
• Deliver malware with stealth and self-deleting programs
• Gain access through DLL injection and control firewalls, antivirus, etc.
• Compromises system control, personal data and authorizations
Protection Across Networks
The Network platform uses indications of compromise, file analysis, and in this example file trajectory to show you exactly how malicious files have moved across the environment
Endpoint
Content
Network
WWW
Protection Across Endpoints
The Endpoint platform has device trajectory, elastic search, and outbreak control, which in this example is shown quarantining recently detected malware on a device that has the AMP for Endpoints connector installed
Protection Across Web and Email
Cisco® AMP for Web and Email protects against malware threats in web and email traffic by blocking known malware and issuing retrospective alerts when unknown files are convicted