Advanced threat security - Cyber Security For The Real World
7 likes6,397 views
The document discusses advanced malware and its ability to bypass traditional security defenses, highlighting the evolving landscape of cyber threats. It emphasizes the importance of a comprehensive security model and discusses various security measures and architectures, alongside the role of Cisco in providing advanced threat protection solutions. Additionally, it points out the challenges organizations face in combating these threats, such as complexity and cost.
Advanced threat security - Cyber Security For The Real World
- 1. Cisco Advanced Threat Security Steve Gindi v1.2 Cyber Security For The Real World
- 2. Advanced Threat Security What is Advanced Malware? • Advance Malware is sophisticated malware designed to bypass traditional POINT IN TIME defenses such as Anti-Malware Engines, Sandboxes, etc. Malware utilizes techniques such as Encryption, Polymorphism, Sleep Techniques. Also known as Zero Hour Exploits, Advanced Persistent Threats. • Attack surface is typically found with Email and Web based traffic. • Top 5 Security Concern for CIO/CSO’s. • Very Public Hacks in 2013/2014 that affects Brand. © 2013-2014 Cisco and/or its affiliates. All rights reserved. 2
- 3. The Way We Do Business Is Changing Making it more difficult to protect your network Mobile Coffee shop Corporate Home Airport © 2013-2014 Cisco and/or its affiliates. All rights reserved. 3
- 4. The Industrialization of Hacking Hacking Becomes an Industry Sophisticated Attacks, Complex Landscape Phishing, Low Sophistication 1990 1995 2000 2005 2010 2015 2020 Viruses 1990–2000 Worms 2000–2005 Spyware and Rootkits 2005–Today APTs Cyberware Today + © 2013-2014 Cisco and/or its affiliates. All rights reserved. 4
- 5. Most dangerous threats Approach Tactic Impact Threat vector Watering hole Spear phishing Dropper Infect or inject a trusted site Conduct reconnaissance on a target Deliver an exploit that will attack Target users through compromised links Leverage social engineering Deliver an exploit that will attack Deliver malware with stealth and self-deleting programs Gain access through DLL injection and control firewalls, antivirus, ect Compromises system control, personal data and authorizations © 2013-2014 Cisco and/or its affiliates. All rights reserved. 5
- 6. The Silver Bullet Does Not Exist… Application Control Sandboxing “Detect the Unknown” “Fix the Firewall” “Captive Portal” IDS / IPS UTM PKI “No key, no access” “It matches the pattern” NAC “No false positives, no false negatives.” FW/VPN AV “Block or Allow” © 2013-2014 Cisco and/or its affiliates. All rights reserved. 6
- 7. Perfect Fit for The New Security Model Attack Continuum BEFORE Discover Enforce Harden AFTER Scope Contain Remediate DURING Detect Block Defend Advanced Malware Protection NGIPS Network Behavior Analysis ESA/WSA Firewall NGFW NAC + Identity Services VPN UTM © 2013-2014 Cisco and/or its affiliates. All rights reserved. 7
- 8. Cisco - Advanced Threat Security v1.2
- 9. Why are we still Struggling??!!??!! Complexity Visibility Cost • Multi-Vendor • Redundancy • Training • Hardware • Power • Rack Space © 2013-2014 Cisco and/or its affiliates. All rights reserved. 9
- 10. engineers, technicians, and researchers PH.D., CCIE, CISSP, AND MSCE users AnyConnect® 600+ 80+ Cisco IPS Cisco ESA Cisco ASA Cisco WSA Control Cisco Cisco CWS WWW TALOS Outstanding Cloud-based Global Threat Intelligence Endpoints 24x7x365 operations 40+ languages Devices Networks Visibility WWW Web Email IPS 1.6 million global sensors 100 TB of data received per day 150 million+ deployed endpoints 35% worldwide email traffic 13 billion web requests More than US$100 million spent on dynamic research and development 3- to 5- minute updates 5,500+ IPS signatures produced 8 million+ rules per day 200+ parameters tracked 70+ publications produced Cisco® SIO Information Actions © 2013-2014 Cisco and/or its affiliates. All rights reserved. 10
- 11. Cisco Email Security Architecture Inbound Protection Outbound Control Threat Defense Antispam Antivirus and Virus Outbreak Filter Data Security Data Loss Prevention Encryption Flexible Deployment Options Appliance Virtual © 2013-2014 Cisco and/or its affiliates. All rights reserved. 11
- 12. Gartner Magic Quadrant for Secure Email Gateway, 2014 The Magic Quadrant is copyrighted 2014 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner’s analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders” quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Cisco. Source: Magic Quadrant for Secure Email Gateways: http://www.gartner.com/technology/ reprints.do?id=1-1GT4N4C&ct=130702&st=sb © 2013-2014 Cisco and/or its affiliates. All rights reserved. 12
- 13. Cisco Web Security Architecture WWW Cisco Security Intelligence Operations (SIO) PROTECTION CONTROL URL Filtering Application Visibility and Control (AVC) *Data Loss Prevention (DLP) Layer 4 Traffic Monitoring (On-premises) Malware Protection Centralized Management & Reporting WWW Allow Limited Access WWW WWW Block © 2013-2014 Cisco and/or its affiliates. All rights reserved. 13
- 14. Gartner Magic Quadrant for Secure Web Gateway, 2014 The Magic Quadrant is copyrighted 2014 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner’s analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders” quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Cisco. Source: Magic Quadrant for Secure Web Gateways: http://www.gartner.com/technology/ reprints.do?id=1-1VSLKXG&ct=140624&st=sb © 2013-2014 Cisco and/or its affiliates. All rights reserved. 14
- 15. Cisco Next Gen Firewall Architecture Cisco Collective Security Intelligence Enabled FireSIGHT Analytics & Automation CISCO ASA WWW URL Filtering (subscription) Identity-Policy Control & VPN Advanced Malware Protection (subscription) Intrusion Prevention (subscription) Application Visibility &Control Clustering & High Availability Network Firewall Routing | Switching Built-in Network Profiling © 2013-2014 Cisco and/or its affiliates. All rights reserved. 15
- 16. NSS Labs: Next Generation Firewall © 2013-2014 Cisco and/or its affiliates. All rights reserved. 16
- 17. AMP on Email, Web & Firewall • Blocks known and unknown files • Reputation verdicts delivered by AMP cloud intelligence network • Behavioral analysis of unknown files • Looks for suspicious behavior • Feeds intelligence back to AMP cloud • Continuous analysis of files that have traversed the gateway • Retrospective alerting after an attack when file is determined to be malicious File Reputation File Sandboxing File Retrospection © 2013-2014 Cisco and/or its affiliates. All rights reserved. 17
- 18. Point-in-time Detection Antivirus Sandboxing Initial Disposition = Clean Initial Disposition = Clean AMP Blind to scope of compromise Analysis Stops Never 100% Sleep Techniques Unknown Protocols Encryption Polymorphism Actual Disposition = Bad = Too Late!! Retrospective Detection, Analysis Continues Actual Disposition = Bad = Blocked AMP is unique in the way it reevaluates information. If new data shows known-good files actually aren't good or have turned bad, AMP re-mines its data set and automatically transmits notifications to customers to trigger remediation. © 2013-2014 Cisco and/or its affiliates. All rights reserved. 18
- 19. NSS Labs: Advanced Malware Protection © 2013-2014 Cisco and/or its affiliates. All rights reserved. 19
- 20. AMP Everywhere Secure Gateway Network Appliance Endpoint • Stops threats before they enter the network • Easy activation • File Trajectory & Retrospective Security • Ideal for new or existing Cisco Email or Web Security customers • Effective upsell for all existing customers • Wide visibility inside the network with File Trajectory & Retrospective Security • Layered with network threat defense (IPS/NGFW) & event correlation • Broad selection of features-before, during and after an attack • Ideal for IPS/NGFW customers • Granular visibility and control at the endpoint level with Device Trajectory, File Trajectory & Retrospective Security • Protection for mobile and remote devices • For advanced customers wanting comprehensive threat protection, investigation & response © 2013-2014 Cisco and/or its affiliates. All rights reserved. 20
- 21. Why Cisco?? © 2013-2014 Cisco and/or its affiliates. All rights reserved. 21
- 22. © 2013-2014 Cisco and/or its affiliates. All rights reserved. 22