Intelligent Cybersecurity for the Real World
Scott Lovett, Vice President, Global Security Sales
© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
The Industrialization of Hacking
Viruses 1990–2000
Worms 2000–2005
Spyware and Rootkits 2005–Today
APTs Cyberware Today +
Hacking Becomes an Industry
Sophisticated Attacks, Complex Landscape
Phishing, Low Sophistication
The Pervasiveness of Malicious Traffic
High-Threat Malware: 100%
Hijacked Infrastructure: 96%
Sites without Content: 92%
Suspect FTP: 88%
Suspect VPN: 79%
Pornography: 50%
Proliferation of Attack Vectors
Public Cloud Private Cloud
Public Cloud
Cloud/SaaS Applications | Off-net Users | Explosion of Data | Internet of Things
The Security Problem
Changing Business Models
Dynamic Threat Landscape
Complexity and Fragmentation
The New Security Model
Attack Continuum
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
Network Endpoint Mobile Virtual Cloud
Point in Time Continuous
Strategic Imperatives
Visibility-Driven: Network-Integrated, Broad Sensor Base, Context and Automation
Threat-Focused: Continuous Advanced Threat Protection, Cloud-Based Security Intelligence
Platform-Based: Agile and Open Platforms, Built for Scale, Consistent Control, Management
Network Endpoint Mobile Virtual Cloud
Visibility: Cisco Sees More Than the Competition
Network Servers
Operating Systems
Routers and Switches
Mobile Devices
Printers
VoIP Phones
Virtual Machines
Client Applications
Files
Users
Web Applications
Application Protocols
Services
Malware
Command and Control Servers
Vulnerabilities
NetFlow
Network Behavior
Processes
Block Known Threats in Volume
Detect, Understand, and Stop Threats
Collective Security Intelligence
Threat Identified
Event History
How
What
Who
Where
When
ISE + Network, Appliances (NGFW/NGIPS)
Context
AMP, CWS, Appliances
Recorded
Enforcement
AMP, Threat Defense
Continuous Analysis
Today’s Security Appliances
W W W
Context-Aware Functions
IPS Functions
Malware Functions
VPN Functions
Traditional Firewall Functions
Platform-Based Security Architecture
Management
Security Services and Applications
Security Services Platform
Infrastructure Element Layer
Common Security Policy & Management
Common Security Policy and Management
Orchestration
Security Management APIs
Cisco ONE APIs
Platform APIs
Cloud Intelligence APIs
Physical Appliance Virtual Cloud
Access Control
Context Awareness
Content Inspection
Application Visibility
Threat Prevention
Device API: OnePK™, OpenFlow, CLI
Cisco Networking Operating Systems (Enterprise, Data Center, Service Provider)
Route–Switch–Compute ASIC Data Plane Software Data Plane
APIs APIs
Cisco Security Applications Third-Party Security Applications
The Security Perimeter in the Cloud
The Distributed Perimeter
Cloud Connected Network
Collective Security Intelligence
Telemetry Data Threat Research Advanced Analytics
Mobile Router Firewall
3M+ Cloud Web Security Users
6GB Web Traffic Examined, Protected Every Hour
75M Unique Hits Every Hour
10M Blocks Enforced Every Hour
Only Cisco Delivers
Consistent Control
Complexity Reduction
Consistent Policies Across the Network and Data Center
Fits and Adapts to Changing Business Models
Global Intelligence With the Right Context
Detects and Stops Advanced Threats
Advanced Threat Protection
Unmatched Visibility
The Partner Opportunity
For Starters, Amplified Go-to-Market
Security a top Cisco business priority
Cisco + Sourcefire integration
Global Security sales growth opportunity
Need to evolve and scale GTM to harness opportunity
Together with partners help customers take advantage
Tremendous opportunities for our customers
Expanded portfolio
Greater pool of talent
Top of customer mind
We’re making bold moves
Cisco and its Partners in strong position to lead industry
The New Security GTM
Evolving to Capture Opportunities with Partners
Will Accelerate Partner Business
One product security solutions portfolio and a new product roadmap
Opens new security partner account planning approaches
Includes partners earlier in sales cycle
Showcases your differentiated value
Drives new consumption models and expanded services opportunities
Evolving our Sales Force
Forming the Global Centralized WW Security Sales Organization
Harnessing Cisco’s Geography and Theater Structure
Converting Security Product Sales Specialists to Accountable & Empowered Security Account Managers
Forming Security Architecture Program that recognizes partners that focus on security
Cisco and SP Partner Deliver Value and Drive Business
Long term business relationship between Cisco security and telecom service provider in the ANZ region
Security services offerings to large public and private sector entities
What gets our attention: This partnership has added 800,000 web and mobile security endpoint clients to the ScanSafe worldwide installed base
This one partner engagement accounts for 25% of our ScanSafe business
We’d like to do more business like this here, and around the world
Full Focus to Help You Grow Your Security Practice
New Security Model
New Strategic Imperatives
New Products
New GTM
Security Ecosystem Complete Security Services
Security Practice Partner Imperatives
Enablement
New Specialization Approach
Security Practice Building
CXO Business Relevance
Profitability
Behavioral Based incentives
Renewal Revenue Streams
Professional Services
Differentiation
Security Architecture Platform
Open Source APIs
Security Ecosystem
Invest, Secure and Engage
Invest: Evolve & Expand your Security Practice with the New Security Model
Take Advantage: Of the Security Practice Partner Imperative opportunities
Engage: Align with Dedicated and Empowered Security PAMs to accelerate growth
Thank you.
Recent Announcements
OpenAppID
FIRST open source technology for application detection & control
1,000+ OpenAppID detectors available in the Snort open source community
Advanced Malware Protection (AMP) Everywhere
ONLY Cisco has continuous analysis/retrospective alerting from cloud to network to endpoint
First integration success story from Cisco acquisitions of Sourcefire and Cognitive Security
New FirePOWER 8300 series allows effective threat detection at higher network speeds
Managed Threat Defense Service
Operationalized Approach to Security Before, During and After Attacks
Full Packet Capture/Packet Meta Data Extractor
Cisco® Advanced Threat Detection
Data Parsing and Normalization
Intrusion Detection
Advanced Email Traffic Malware Detection
Advanced Web Traffic/File-based Malware Detection
• 24 hours daily monitoring
• Network profile/baseline establishment
• Advanced Malware Protection and intrusion detection
• Sophisticated, high fidelity analytics for anomaly detection and network forensics
• Continuous analysis and retrospective remediation
• Automated mitigation backed by threat research and expert staff