Cisco Content Security
1 like2,047 views
The document discusses Cisco's content security solutions for web and email, focusing on advanced malware protection. It describes the evolving threat landscape including targeted attacks and advanced malware. Cisco content security addresses challenges like data loss, malware infections and visibility. Cisco Content Security with AMP provides threat protection before, during and after attacks using reputation filtering, file sandboxing, threat analytics and defense across the attack continuum. It is powered by Cisco's collective security intelligence from billions of requests and samples analyzed daily.
Cisco Content Security
- 2. Cisco Content Security Consulting Systems Engineer Sept 30, 2014 Web and Email Solutions with Advanced Malware Protection Daniel Thorne
- 3. Cisco Confidential 3© 2013-2014 Cisco and/or its affiliates. All rights reserved. Web and Email use is changing Making it more difficult to protect your network Mobile Coffee shop Corporate Home Airport
- 4. Cisco Confidential 4© 2013-2014 Cisco and/or its affiliates. All rights reserved. Our Web Security Problems Aren’t Getting Any EasierAn Evolving Threat Landscape Email and Web are the #1 Threat Vector IPv6 Spam Blended Threats Targeted Attacks APTs Advanced Malware Rootkits Worms Trojan Horse
- 5. Cisco Confidential 5© 2013-2014 Cisco and/or its affiliates. All rights reserved. Content Security Challenges Data Loss Malware Infections Acceptable Use Violations • Blocking hidden malware • Disarming malicious links • Managing advanced threats • Application visibility • Granular usage control • Consistent policy enforcement • Safeguard vital data • Detecting data breach • Preventing data leakage Visibility • Across users and sites • Proactive reporting (retrospective) • Centralized data collection
- 6. Cisco Confidential 6© 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Content Security with AMP BEFORE Discover Enforce Harden DURING Detect Block Defend AFTER Scope Contain Remediate Malware Signature File Reputation File Sandboxing File Retrospection Threat Analytics Actionable Reporting Defense across the attack continuum Reputation Usage/App Controls Filtering
- 7. Cisco Confidential 7© 2013-2014 Cisco and/or its affiliates. All rights reserved. 1.6 million global sensors 100 TB of data received per day 150 million+ deployed endpoints 600+ engineers, technicians, and researchers 35% worldwide email traffic 13 billion web requests 24x7x365 operations 40+ languages Cisco Content Security with AMP Built on unmatched collective security intelligence 10I000 0II0 00 0III000 II1010011 101 1100001 110 110000III000III0 I00I II0I III0011 0110011 101000 0110 00 I00I III0I III00II 0II00II I0I000 0110 00 180,000+ File Samples per Day FireAMP™ Community Advanced Microsoft and Industry Disclosures Snort and ClamAV Open Source Communities Honeypots Sourcefire AEGIS™ Program Private and Public Threat Feeds Dynamic Analysis 1010000II0000III000III0I00IIIIII0000III0 1100001110001III0I00III0IIII00II0II00II101000011000 100III0IIII00II0II00III0I0000II000 Cisco® SIO Sourcefire VRT® (Vulnerability Research Team) Cisco Collective Security Intelligence Content Security Email Endpoints Web Networks IPS Devices WWW
- 8. Cisco Confidential 8© 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco AMP delivers integrated… Retrospective SecurityAdditional Point-in-time Protection Continuous AnalysisFile Reputation & Sandboxing
- 9. Cisco Confidential 9© 2013-2014 Cisco and/or its affiliates. All rights reserved. AMP strengthens the first line of detection Reputation Filtering and File Sandboxing Dynamic Analysis Machine Learning Fuzzy Finger-printing Advanced Analytics One-to-One Signature
- 10. Cisco Confidential 10© 2013-2014 Cisco and/or its affiliates. All rights reserved. 0001110 1001 1101 1110011 0110011 101000 0110 00 0111000 111010011 101 1100001 110 1000111010011101 1100001110001110 1001 1101 1110011 0110011 101000 0110 00 0100001100001 1100 0111010011101 1100001110001110 1001 1101 1110011 0110011 101000 0110 00 AMP’s continuous retrospective security Breadth and Control points: File Fingerprint and Metadata File and Network I/O Process Information Telemetry Stream Continuous feed Web WWW Endpoints NetworkEmail Continuous analysis DevicesIPS
- 11. Cisco Confidential 11© 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Web Security At-a-glance Centralized Management & Reporting Cisco Security Intelligence Operations (SIO) WWW URL Filtering Application Visibility and Control (AVC) Data Loss Prevention (DLP) Threat Monitoring & Analytics Advanced Malware Protection • Spots symptoms of infection based on behavioral anomalies (CWS only) and CNC traffic • Blocks unknown files via reputation and sandboxing • Continues to monitor threat levels after an attack • Contains 50M known sites • Categorizes unknown URLs in real time • Controls mobile, collaborative and web 2.0 applications • Enforces behaviors within web 2.0 applications • Blocks sensitive information • Integrates easily by ICAP with 3rd party vendors Offers actionable insight across threats, data and applications AllowWWW Limited AccessWWW BlockWWW Monitors threats worldwide, filters on reputation and automatically updates every 3-5 min PROTECTION CONTROL
- 12. Cisco Confidential 12© 2013-2014 Cisco and/or its affiliates. All rights reserved. Acceptable Use Controls Beyond URL Filtering URL Filtering • Constantly updated URL database covering over 50 million sites worldwide • Real-time dynamic categorization for unknown URLs HTTP:// Application Visibility and Control (AVC) Hundreds of Apps Application Behavior 150,000+ Micro-apps • Control over mobile, collaborative and web 2.0 applications • Assured policy control over which apps can be used by which users and devices • Granular enforcement of behaviors within applications • Visibility of activity across the network +
- 13. Cisco Confidential 13© 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Email Security At-a-glance Centralized Management & Reporting Cisco Security Intelligence Operations (SIO) Defense in Depth Policy Control DLP and EncryptionTargeted Threat Mitigation Advanced Malware Protection • Prevent phishing and blended threats • URL Filtering for advance policies • Blocks unknown files via reputation and sandboxing • Continues to monitor threat levels after an attack • SenderBase Reputation • Anti-Spam and Spoofing • Anti-Virus with Outbreak Filters • Dynamic update engines • Enhanced control over inbound and outbound traffic • Enforces behaviors within web 2.0 applications • Integration with RSA DLP policy engine and lexicons • Encrypt sensitive information Offers actionable insight across threats, data and applications Deliver Quarantine Drop Monitors threats worldwide, filters on reputation and automatically updates every 3-5 min PROTECTION CONTROL Re-write URLs
- 14. Cisco Confidential 14© 2013-2014 Cisco and/or its affiliates. All rights reserved. Phishing Attack and URL Defense Controls Integrated email and web security Rewrite Email Contains URL URL Categorization Cisco SIO BLOCKEDwww.playboy.comBLOCKED BLOCKEDwww.proxy.orgBLOCKED Defang Replace Send to Cloud Cisco Security The requested web page has been blocked http://www.threatlink.com Cisco Email and Web Security protects your organization’s network from malicious software. Malware is designed to look like a legitimate email or website which accesses your computer, hides itself in your system, and damages files.
- 15. Cisco Confidential 15© 2013-2014 Cisco and/or its affiliates. All rights reserved. DLP and Compliance Built-in Comprehensive DLP Solution with RSA: Accurate, Easy, and Extensible Data Loss Prevention Incidents Policies Accurate, Easy, and Extensible • Fast setup • Low administrative overhead • Comprehensive policy creation and modification • Exceptional accuracy • Direct integration for enterprisewide DLP deployments • Secure delivery with on-box encryption. Data SecurityThreat Protection
- 16. Cisco Confidential 16© 2013-2014 Cisco and/or its affiliates. All rights reserved. Centralized Management and Reporting Analyze, Troubleshoot and Refine Security Policies Centralized ReportingCentralized Management In-depth Threat Visibility Extensive Forensic Capabilities Centralized Policy Management Delegated Administration Insight Across Threats, Data and Applications Control Consistent Policy Across Offices and for Remote Users Visibility Continuous Visibility Across Different Devices, Services and Network Layers
- 17. Cisco Confidential 17© 2013-2014 Cisco and/or its affiliates. All rights reserved. Flexible Licensing and Deployment Options On-Premise or In the Cloud Deployment Options Connection Methods On-premises Cloud Cloud FirewallRouter Roaming Virtual NGFW Roaming Appliance Appliance Redirectors WCCP PAC File Explicit WCCP PAC File Explicit Advanced Malware Protection Integrated on box – Licensed Plug-in Integrated - License
- 18. Thank you.