intelligent cybersecurity for the real world · intelligent cybersecurity for the real world scott...

Intelligent Cybersecurity for the Real World Scott Lovett

Vice President, Global Security Sales

© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 2

The Industrialization of Hacking

2000 1990 1995 2005 2010 2015 2020

Viruses 1990–2000

Worms 2000–2005

Spyware and Rootkits 2005–Today

APTs Cyberware Today +

Hacking Becomes an Industry

Sophisticated Attacks, Complex Landscape

Phishing, Low Sophistication


The Pervasiveness of Malicious Traffic

High-Threat Malware

Hijacked Infrastructure

Sites without Content

Suspect FTP

Suspect VPN

Pornography

100%

96%

92%

88%

79%

50%


Proliferation of Attack Vectors

Public Cloud Private Cloud

Public Cloud

Cloud/SaaS Applications | Off-net Users | Explosion of Data | Internet of Things


The Security Problem

Changing

Business Models

Dynamic

Threat Landscape

Complexity

and Fragmentation


The New Security Model

BEFORE

Discover

Enforce

Harden

AFTER

Scope

Contain

Remediate

Attack Continuum

Detect

Block

Defend

DURING

Network Endpoint Mobile Virtual Cloud

Point in Time Continuous


Strategic Imperatives

Network-Integrated,

Broad Sensor Base,

Context and Automation

Continuous Advanced Threat

Protection, Cloud-Based Security

Intelligence

Agile and Open Platforms,

Built for Scale, Consistent Control,

Management

Visibility-Driven Threat-Focused Platform-Based

Network Endpoint Mobile Virtual Cloud


Visibility: Cisco Sees More Than the Competition

Network Servers

Operating Systems

Routers and Switches

Mobile Devices

Printers

VoIP Phones

Virtual Machines

Client Applications

Files

Users

Web Applications

Application Protocols

Services

Malware

Command and Control

Servers

Vulnerabilities

NetFlow

Network Behavior

Processes


Block Known Threats in Volume

?


Detect, Understand, and Stop Threats

?

Collective Security Intelligence

Threat Identified

Event History

How

What

Who

Where

When

ISE + Network, Appliances (NGFW/NGIPS)

Context

AMP, CWS, Appliances

Recorded

Enforcement

AMP, Threat Defense

Continuous Analysis


Today’s Security Appliances

W W W

Context-

Aware

Functions

IPS

Functions Malware

Functions

VPN

Functions Traditional

Firewall

Functions


Platform-Based Security Architecture

Management

Security

Services and

Applications

Security

Services

Platform

Infrastructure

Element

Layer

Common Security Policy & Management

Common Security Policy and Management

Orchestration

Security Management APIs

Cisco ONE APIs

Platform APIs

Cloud Intelligence APIs

Physical Appliance Virtual Cloud

Access Control

Context Awareness

Content Inspection

Application Visibility

Threat Prevention

Device API: OnePK™, OpenFlow, CLI

Cisco Networking Operating Systems (Enterprise, Data Center, Service Provider)

Route–Switch–Compute ASIC Data Plane Software Data Plane

APIs APIs

Cisco Security Applications Third-Party Security Applications


The Security Perimeter in the Cloud

The Distributed Perimeter

Cloud Connected Network

Collective Security Intelligence

Telemetry Data Threat Research Advanced Analytics

Mobile Router Firewall

3M+ Cloud Web Security Users

6GB Web Traffic Examined, Protected Every Hour

75M Unique Hits Every Hour

10M Blocks Enforced Every Hour


Only Cisco Delivers

Consistent Control

Complexity Reduction

Consistent Policies

Across the

Network and

Data Center

Fits and Adapts

to Changing

Business Models

Global Intelligence

With the Right

Context

Detects and Stops

Advanced Threats

Advanced Threat Protection

Unmatched Visibility


The Partner Opportunity


Security a top Cisco

business priority

Cisco + Sourcefire

integration

Global Security sales

growth opportunity

For Starters, Amplified Go-to-Market

Need to evolve

and scale GTM to harness

opportunity

Together with partners

help customers

take advantage

Tremendous opportunities for

our customers

Expanded portfolio

Greater pool of talent

Top of customer mind

We’re making bold moves

Cisco and its Partners

in strong position to

lead industry


The New Security GTM

One product security solutions portfolio and a new product roadmap

Opens new security partner account planning approaches

Includes partners earlier in sales cycle

Showcases your differentiated value

Drives new consumption models and expanded services opportunities

Forming the Global Centralized

WW Security Sales Organization

Harnessing Cisco’s Geography and

Theater Structure

Converting Security Product Sales

Specialists to Accountable & Empowered

Security Account Managers

Forming Security Architecture Program

that recognizes partners that focus on

security

Will Accelerate Partner Business Evolving our Sales Force

Evolving to Capture Opportunities with Partners


Cisco and SP Partner Deliver Value and Drive Business

Long term business relationship between Cisco

security and telecom service provider in the ANZ

region

Security services offerings to large public and private

sector entities

What gets our attention: This partnership has added

800,000 web and mobile security endpoint clients to

the ScanSafe worldwide installed base

This one partner engagement accounts for 25%

of our ScanSafe business

We’d like to do more business like this here, and

around the world


Full Focus to Help You Grow Your Security Practice

New Security Model

New Strategic

Imperatives

New Products

New GTM

Security Ecosystem Complete Security Services


Security Practice Partner Imperatives

Enablement

New Specialization Approach

Security Practice Building

CXO Business Relevance

Profitability

Behavioral Based incentives

Renewal Revenue Streams

Professional Services

Differentiation

Security Architecture Platform

Open Source API’s

Security Ecosystem


Invest, Secure and Engage

Evolve & Expand your Security Practice with the New

Security Model

Of the Security Practice Partner Imperative

opportunities

Align with Dedicated and Empowered Security

PAM’s to accelerate growth

Invest

Take Advantage

Engage

Thank you.


Recent Announcements

FIRST open source technology for application detection & control

1,000+ OpenAppID detectors available in the Snort open source community

ONLY Cisco has continuous

analysis/retrospective alerting from cloud to

network to endpoint

First integration success story from Cisco

acquisitions of Sourcefire and Cognitive Security

New FirePOWER 8300 series allows effective

threat detection at higher network speeds

OpenAppID Advanced Malware Protection

(AMP) Everywhere


Full Packet

Capture/

Packet Meta

Data Extractor

Cisco®

Advanced

Threat

Detection

Data Parsing

and

Normalization

Intrusion

Detection

Advanced

Email Traffic

Malware

Detection

Advanced Web

Traffic/File-

based Malware

Detection 24 hours daily

monitoring

• Network profile/baseline

establishment

• Advanced Malware Protection and

intrusion detection

• Sophisticated, high fidelity analytics

for anomaly detection and network

forensics

• Continuous analysis and

retrospective remediation

• Automated mitigation backed by

threat research and expert staff

Managed Threat Defense Service

Operationalized Approach to Security Before, During and After Attacks

intelligent cybersecurity for the real world · intelligent cybersecurity for the real world scott...

Documents