Cisco Customer Education 21st Century Network Security Protection with Cisco and OpenDNS
This session was recorded via Cisco WebEx! You can watch the live session recording via the following URL:
https://acecloud.webex.com/acecloud/lsr.php?RCID=021c09fcc5764d7cab02cadee2b56c2e
Thanks for your interest and participation!
Cisco Customer Education 21st Century Network Security Protection with Cisco and OpenDNS
Connect using the audio conference box or you can call into the meeting:
1. Toll-Free: (866) 432-9903
2. Enter Meeting ID: 203 941 285
3. Press “1” to join the conference.
Today’s Agenda
► Welcome from Cisco
► Security in the 21st Century
► Cisco Security Solutions
► OpenDNS – A Crucial Security Countermeasure
► Conclusion
About Your Host
Brian Avery, Territory Business Manager, Cisco Systems, Inc.
Priors: Cisco Sales and Channels (10.5 yrs); President and CEO (6 yrs), Cisco Premier Partner; Director of Sales (2 yrs), Cisco Silver Partner; Financial Analyst (7 yrs), Sprint Corporation
Cisco Confidential 4 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Welcome from Cisco
1984
Computer scientists Len Bosack and Sandy Lerner found Cisco Systems.
Bosack and Lerner run network cables between two different buildings on the Stanford University campus.
A technology has to be invented to deal with disparate local area protocols; the multi-protocol router is born.
Who Is Cisco?
Chuck Robbins, CEO, Cisco
• Dow Jones Industrial Average Fortune 100 Company (AAPL, CSCO, INTC, MSFT)
• $117B Market Capitalization
• $49.6B in Revenue
• $10B in Annual Net Profits
• $34B More Cash than Debt
• $5.9B in Research and Development
http://finance.yahoo.com/q/ks?s=CSCO+Key+Statistics
Market Leadership Matters (market share, Q1CY14)
• No. 1 Voice: 39%
• No. 1 TelePresence: 43%
• No. 1 Web Conferencing: 41%
• No. 1 Wireless LAN: 50%
• No. 2 x86 Blade Servers: 27%
• No. 1 Routing (Edge/Core/Access): 45%
• No. 1 Security: 33%
• No. 1 Switching (Modular/Fixed): 64%
• No. 1 Storage Area Networks: 47%
What Is the Cisco Customer Education Series?
§ CCE is an educational session for current and prospective Cisco customers
§ Designed to help you understand the capabilities and business benefits of Cisco technologies
§ Allows you to interact directly with Cisco subject matter experts and ask questions
§ Offers assistance if you need/want more information, demonstrations, etc.
Security in the 21st Century
The Good Old Days Are Over
Organizations Are Under Attack: Industrial Hackers Are Making Big Money with Innovative Tactics
Timeline, 1990–2020:
• Viruses, 1990–2000
• Worms, 2000–2005
• Spyware and Rootkits, 2005–today
• APTs and Cyberware, today and beyond
Progression: phishing and low-sophistication attacks; hacking becomes an industry; sophisticated attacks and a complex landscape
100% of large companies targeted by malicious traffic
95% of organizations interacted with websites hosting malware
1. Cybercrime is lucrative, barrier to entry is low
2. Hackers are smarter and have the resources to compromise your organization
3. Malware is more sophisticated
4. Organizations face tens of thousands of new malware samples per hour
Global Cybercrime Market: $450B–$1T
Source: 2014 Cisco Annual Security Report
High Profile Breaches
As of 12/31/2014: http://www.idtheftcenter.org/images/breach/DataBreachReports_2014.pdf
[Figure: breach record counts shown on the slide: 70,000,000; 56,000,000; 2,600,000; 1,100,000; 1,000,000]
And Yet… Organizations of every size are targets
• 60% of UK small businesses were compromised in 2014 (2014 Information Security Breaches Survey)
• 100% of corporate networks examined had malicious traffic (Cisco 2014 Annual Security Report)
• 41% of targeted attacks are against organizations with fewer than 500 employees (July 2014, The National Cyber Security Alliance (NCSA))
Web Security Is More Important Than Ever Before
The web is a popular attack vector for criminals
Without proper control, your own users can put your business at risk
Increased cloud adoption creates greater vulnerabilities
Attack surface – web browsers
More than 85% of the companies studied were affected each month by malicious browser extensions
Attack surface – user error on web
Users are becoming complicit enablers of attacks:
• Untrustworthy sources
• Clickfraud and adware
• Outdated browsers: 10% of IE requests vs. 64% of Chrome requests were running the latest version
Attack surface – web applications
Attackers: shifts in the attack vectors (log volume for Java, Silverlight and Flash)
• Java: drop of 34%
• Silverlight: rise of 228%
• PDF and Flash: steady
Source: 2015 Cisco Annual Security Report
If you knew you were going to be compromised, would you do security differently?
It’s no longer a question of “if” you’ll be breached, it’s a question of “when”
Cisco Security Overview
Too Many Disparate Security Products Mean Gaps in Protection
Fragmented offerings across multiple vendors vs. a streamlined advanced security solution:
• Cost: higher total cost to build and run vs. lower opex and easier to manage
• Overall performance: less communication between components vs. better communication and integration
• Time to detection: more lag in finding threats vs. faster time to detection
Cisco’s Strategy: Security Everywhere
Branch, Campus Edge, Operational Technology, Cloud Data Center, Endpoint
Defending Against These Advanced Threats Requires Greater Visibility and Control Across the Full Attack Continuum
Attack Continuum:
• Before: Discover, Enforce, Harden
• During: Detect, Block, Defend
• After: Scope, Contain, Remediate
Cisco solutions across the continuum: FireSIGHT and pxGrid; ASA; VPN; OpenDNS; Meraki; Advanced Malware Protection; Network as Enforcer; NGIPS; ESA/WSA; CWS; Secure Access + Identity Services; ThreatGRID
Combined with the Best Threat Intelligence Capabilities: World-Class Threat Research
Headline figures: 221B total threats; 19.7B threats per day; 991M web + malware threats; 3.5 billion searches today; 19.7 billion threats blocked today
[Figure: further counters on the slide (incoming malware samples per day, SenderBase reputation queries per day, web filtering blocks per month, AV blocks per day, spyware blocks per month, blocks per second, total blocks per month) carry the values 1.4M, 2.6M, 9.9B, 1.1M, 1.8B, 1B and 8.2B]
More Effective Against Sophisticated Attacks
Time to detection: Cisco less than 1 day vs. industry 100 days. Much faster than most organizations discover breaches.
Source: Cisco Annual Security Report, 2016
OpenDNS Adds Cloud-Delivered Network Security
Security Platform, Threat Enforcement, Security Enabler, Threat Intelligence:
• Fast deployment and extensible technology across many solutions
• Immediately converts threat intelligence into threat prevention
• SaaS platform and global network
• Applies statistical models to a massive and diverse data set
OpenDNS Works With Everything You Use: future-proof extensibility
• Any network: routers, Wi-Fi, SDN
• Any endpoint: VPN, IoE
• Any technology: firewalls, gateways
Secure APIs open to everyone:
• Security providers: Cisco, Check Point, FireEye
• Network providers: Meraki, Aruba, Aerohive
• Customers: in-house security systems
OpenDNS Adds to Cisco’s Security Portfolio before, during and after an attack
Products: OpenDNS Umbrella and OpenDNS Investigate, mapped to the attack continuum:
• BEFORE (Discover, Enforce, Harden): stay ahead of future attacks by blocking malicious domains, IPs, and ASNs
• DURING (Detect, Block, Defend): block callbacks and exfiltration on any port, protocol, or app at the DNS and IP layers
• AFTER (Scope, Contain, Remediate): query live threat intelligence on all the domains and IPs on the internet
Hi, I’m Irwin Ki – [email protected], 415-828-4934, AE for accounts between 750-3500 employees
Predict and Prevent Security Threats Before They Happen
A New Era for Enterprise Security: delivering a radically different approach to security, OpenDNS predicts and prevents threats before they happen.
What is DNS? Domain Name System
§ A system for relating names and numbers
§ Domain = IP Address
§ Amazon.com = 205.251.242.103
§ Like a library of phone books
• AUTHORITATIVE DNS: owns and publishes the “phone books”
• DOMAIN REGISTRAR: maps and records names to #s in “phone books”
• RECURSIVE DNS: looks up & remembers the #s for each name
Why DNS?
• DNS is everywhere: everything uses DNS
• OpenDNS adds a layer of security
• Simple to set up: an easy win that blocks access to unsafe places
DNS: Doth Protest Too Much
• 91.3% of malware uses DNS
• 68% of organizations don’t monitor it
• A blind spot for attackers to gain command and control, exfiltrate data, and redirect traffic
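The slides describe the recursive resolver as the component that "looks up & remembers the #s", and the DNS-layer control as something that blocks a destination on any port or protocol while closing the monitoring blind spot. The toy resolver below is an added illustration of that idea, not OpenDNS code: it applies a domain policy before resolving, serves cached answers within their TTL, falls back to constructed authoritative "phone book" data, and logs every decision. All names, addresses (RFC 5737 documentation ranges) and the block list are constructed; only the amazon.com address is taken from the slide.

```python
"""Toy recursive resolver with a DNS-layer policy check (constructed example).

Models the three roles from the slides: authoritative DNS publishes the
"phone books", the recursive resolver looks up and remembers answers, and a
policy layer at the resolver decides whether a name may be answered at all.
Because the decision happens at name-resolution time, a blocked domain is
blocked for every port and protocol, not only web traffic on 80/443, and
every decision is logged, which removes the DNS blind spot described above.
"""
import time
from dataclasses import dataclass, field

# Constructed authoritative data ("phone books"): name -> (address, TTL seconds).
# Addresses come from the RFC 5737 documentation ranges; the amazon.com
# address is the one quoted on the slide.
AUTHORITATIVE = {
    "amazon.com.": ("205.251.242.103", 300),
    "www.example-corp.test.": ("192.0.2.10", 60),
    "cdn.evil-c2.test.": ("198.51.100.7", 30),  # constructed malicious name
}

# Constructed policy: blocking a name covers its whole subtree.
BLOCK_POLICY = {
    "evil-c2.test.": "botnet/c2",
}
SINKHOLE_ADDRESS = "198.51.100.254"  # constructed sinkhole, documentation range


def normalize(name):
    """Lower-case, fully qualified form so lookups are case- and dot-insensitive."""
    return name.lower().rstrip(".") + "."


def policy_lookup(name):
    """Walk up the label tree: a block on evil-c2.test. also matches cdn.evil-c2.test."""
    labels = normalize(name).split(".")          # trailing "" comes from the root dot
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in BLOCK_POLICY:
            return BLOCK_POLICY[candidate]
    return None


@dataclass
class Resolver:
    cache: dict = field(default_factory=dict)  # name -> (address, expires_at)
    log: list = field(default_factory=list)    # (name, action, detail) per query

    def resolve(self, name, now=None):
        """Return a dict with the answer and the action taken for one query."""
        now = time.time() if now is None else now
        name = normalize(name)

        # 1. Policy check first: nothing is resolved for a blocked subtree.
        category = policy_lookup(name)
        if category is not None:
            self.log.append((name, "BLOCK", category))
            return {"name": name, "address": SINKHOLE_ADDRESS,
                    "action": "block", "category": category}

        # 2. Cached answer still within its TTL ("remembers the #s").
        cached = self.cache.get(name)
        if cached is not None and cached[1] > now:
            self.log.append((name, "ALLOW", "cache"))
            return {"name": name, "address": cached[0],
                    "action": "allow", "source": "cache"}

        # 3. Otherwise ask the authoritative "phone book" and remember the result.
        record = AUTHORITATIVE.get(name)
        if record is None:
            self.log.append((name, "NXDOMAIN", "-"))
            return {"name": name, "address": None, "action": "nxdomain"}
        address, ttl = record
        self.cache[name] = (address, now + ttl)
        self.log.append((name, "ALLOW", "authoritative"))
        return {"name": name, "address": address,
                "action": "allow", "source": "authoritative"}


def demo():
    """Run a fixed sequence of queries and return the resolver's decision log."""
    r = Resolver()
    r.resolve("amazon.com", now=0)                # authoritative lookup, cached for 300 s
    r.resolve("AMAZON.COM.", now=10)              # served from cache
    r.resolve("amazon.com", now=400)              # TTL expired, authoritative again
    r.resolve("cdn.evil-c2.test", now=400)        # blocked via parent-domain policy
    r.resolve("nope.example-corp.test", now=400)  # no record: NXDOMAIN
    return r.log


if __name__ == "__main__":
    for entry in demo():
        print("%-28s %-9s %s" % entry)
```

The policy check runs before any cache or authoritative lookup, so a blocked name never receives a real address regardless of which application asked for it; the log is what a SIEM would ingest to cover the "68% don't monitor it" gap.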
Problems We Solve
• Breach and Malware Protection: prevent data exfiltration and compromised systems by blocking C2 callbacks and malicious sites
• Internet-wide Visibility: speed up incident response with a live, up-to-date view of the Internet
• Web Filtering and Cloud/IoT Visibility: enforce acceptable use, see cloud services & IoT devices in use, and keep guest Wi-Fi safe
What We Observe On The Internet
Our Perspective: Diverse Set of Data
• Requests per day: 80B
• Countries: 160+
• Daily active users: 65M
• Enterprise customers: 10K
Our View of the Internet providing visibility into global Internet activity (e.g. BGP, AS, Whois, DNS)
Where Do You Enforce Security?
[Diagram: Internet threats (malware, botnets/C2, phishing) reaching HQ, branch and mobile users through many candidate enforcement points: sandbox, proxy, NGFW, NetFlow, router/UTM and per-host AV. Here? & here? & here? Or here?]
CHALLENGES
• Too many alerts via appliances & AV
• Wait until payloads reach target
• Every payload scan slows things down
• Too much time to deploy everywhere
BENEFITS
• Alerts reduced 2x; improves your SIEM
• Traffic & payloads never reach target
• Internet access is faster, not slower
• Provision globally in under 30 minutes
How Our Security Classification Works
1. Ingest millions of data points per second
2. Apply statistical models and human intelligence
3. Identify probable malicious sites
[Diagram: a graph of related domains, IPs and URLs, e.g. a.ru, b.cn, 7.7.1.3, e.net, 5.9.0.1, p.com/jpg]
Anatomy of a Cyber Attack
• Reconnaissance and Infrastructure Setup: domain registration, IP, ASN intel., public/private announcements
• Patient Zero Hit
• Defense Signature Built
• Target Expansion
• Wide-Scale Adoption
• Monitor Adaption Based on Results
PRODUCTS & TECHNOLOGIES
• UMBRELLA (Enforcement): network security service protects any device, anywhere
• INVESTIGATE (Intelligence): threat intelligence on domains and IPs across the Internet
OpenDNS UMBRELLA: a new layer of breach protection with Internet-wide visibility on and off the network
• Extend ATDs (FireEye) beyond the perimeter, and take immediate action on IOCs (Cisco)
• Identify targeted attacks by comparing your activity versus the world’s
• Investigate related attacks using a live graph of Internet activity
[Diagram: devices point DNS at 208.67.222.222; malware, botnet and phishing destinations are blocked]
Turn-Key and API-Based Integrations: works with what you already have
• Threat intel platforms, threat analysis & intel feeds, threat detection systems (plus custom and other sources) send indicators of compromise
• UMBRELLA (Enforcement & Visibility) logs or blocks domains sent from partner or custom systems
Automate Security to Reduce Attack Dwell Time
• Customer, community, and customer & partner threat analysis & intelligence (e.g. AMP Threat Grid) analyze files and yield domains
• UMBRELLA (Enforcement & Visibility) automatically pulls newly discovered malicious domains in minutes
• Logs or blocks all Internet activity destined to these domains
UMBRELLA Enforcement: A New Layer of Breach Protection
• Threat prevention, not just threat detection
• Protects on & off network: not limited to devices forwarding traffic through on-prem appliances
• Partner & custom integrations: does not require professional services to set up
• Block by domains for all ports: not just IP addresses, or domains only over ports 80/443
• Always up to date: no need for the device to VPN back to an on-prem server for updates
Where Does Umbrella Fit?
ON NETWORK (Internet: web traffic, email traffic, all other traffic):
• ASA blocks inline by IP, URL or packet
• ESA/CES blocks by sender or content
• WSA/CWS blocks by URL or content via proxy
• Umbrella blocks by domain as well as IP or URL
OFF NETWORK (Internet: web traffic, email traffic, all other traffic):
• ESA/CES blocks by sender or content
• CWS blocks by URL or content via proxy
• Umbrella blocks by domain as well as IP or URL
Investigate: The Most Powerful Way to Uncover Threats
Inputs: domains, IPs & ASNs. Output via console or API to SIEM, etc.
Key Points
• Intelligence about domains and IPs across the Internet
• Live graph of DNS requests and other contextual data
• Correlated against statistical models
• Discover & predict malicious domains & IPs
• Enrich security data with global intelligence
INVESTIGATE: A Single, Correlated Source of Information
• WHOIS record data
• ASN attribution
• IP geolocation
• IP reputation scores
• Domain reputation scores
• Domain co-occurrences
• Anomaly detection (DGAs, FFNs)
• DNS request patterns/geo. distribution
• Passive DNS database
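Two of the signals listed above, anomaly detection for DGAs and DNS request patterns, can be combined into a simple classifier over query logs. The script below is an added example, not Investigate's own model: it scores the registered label of each queried name for random-looking structure (entropy, digit mix, length) and pairs that with each client's NXDOMAIN rate, since a host walking through algorithmically generated rendezvous names typically fails most lookups. The query log, client addresses, domain names and all thresholds are constructed assumptions for the illustration.

```python
"""DGA-style anomaly scoring over DNS query logs (constructed example).

Combines two of the signals listed on the slide: lexical anomaly of the
queried name (random-looking registered labels) and the DNS request pattern
of the client (a burst of NXDOMAIN answers while a host walks through
candidate rendezvous names). The thresholds are illustrative assumptions
for the constructed log below, not tuned values.
"""
import math
from collections import Counter, defaultdict

# Constructed query log: (client, queried name, response code). Not real traffic.
QUERY_LOG = [
    ("10.0.0.5", "www.google.com", "NOERROR"),
    ("10.0.0.5", "mail.google.com", "NOERROR"),
    ("10.0.0.5", "update.microsoft.com", "NOERROR"),
    ("10.0.0.9", "xkq7vz9p2mlt4r.net", "NXDOMAIN"),
    ("10.0.0.9", "b3n8wq1zkd0pf7.net", "NXDOMAIN"),
    ("10.0.0.9", "t9s2hxq4nwm7lr.net", "NXDOMAIN"),
    ("10.0.0.9", "c7y1pzv5qwk3jn.net", "NOERROR"),
    ("10.0.0.12", "cdn.example-corp.test", "NOERROR"),
]


def registered_label(name):
    """Second-level label, e.g. 'google' for mail.google.com.
    Naive: a production version would consult the public suffix list."""
    labels = name.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def shannon_entropy(text):
    """Bits per character; random-looking labels score higher than dictionary words."""
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def lexical_score(label):
    """0..3 points: high entropy, digits mixed into letters, long label (assumed thresholds)."""
    score = 0
    if shannon_entropy(label) >= 3.3:
        score += 1
    digits = sum(ch.isdigit() for ch in label)
    if digits and digits / len(label) >= 0.2:
        score += 1
    if len(label) >= 12:
        score += 1
    return score


def analyze(log):
    """Per-client verdicts: suspicious label count, NXDOMAIN ratio, probable-DGA flag."""
    per_client = defaultdict(lambda: {"queries": 0, "nxdomain": 0, "labels": set()})
    for client, name, rcode in log:
        rec = per_client[client]
        rec["queries"] += 1
        if rcode == "NXDOMAIN":
            rec["nxdomain"] += 1
        label = registered_label(name)
        if lexical_score(label) >= 2:
            rec["labels"].add(label)

    findings = {}
    for client, rec in per_client.items():
        nx_ratio = rec["nxdomain"] / rec["queries"]
        suspicious = len(rec["labels"])
        # Either many random-looking names, or some random-looking names plus
        # a high failure rate: both fit a host cycling through generated domains.
        probable_dga = suspicious >= 3 or (suspicious >= 1 and nx_ratio >= 0.5)
        findings[client] = {
            "suspicious_labels": suspicious,
            "nxdomain_ratio": round(nx_ratio, 2),
            "probable_dga": probable_dga,
        }
    return findings


if __name__ == "__main__":
    for client, verdict in sorted(analyze(QUERY_LOG).items()):
        print(client, verdict)
```

A single odd-looking label is weak evidence on its own (CDN and tracking hostnames look random too), which is why the verdict also needs either volume or the NXDOMAIN pattern; in practice these per-client findings are what would be enriched with the WHOIS, ASN and passive DNS context listed above before anyone acts on them.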
Use Our Global Intelligence To…
Your local intelligence: you know one IOC. Our global context: we know all its relationships.
• Speed up investigations
• Prioritize investigations & response
• Enrich security systems with real-time data
• Stay ahead of attacks
Enterprises Worldwide Use OpenDNS
• Higher Education
• Petroleum Refineries
• IT Services
• Law Firms/Legal
• Insurance Agencies
• Physicians Offices
• Hospitals
• Commercial Banks
• Credit Unions
• Brokerage Firms
• Engineering Services
• Retail Stores
• Supermarkets
• Restaurants
• Pharmaceutical Manufacturers
• R&D Organizations
• Public Administration
• Telecommunication Providers
TRUSTED by Enterprises Worldwide
MEASURABLE VALUE ADD
• <30 minutes to get worldwide coverage: using DHCP or AP controllers, thousands of devices and locations are secured
• 2X+ compromised systems identified: compared with traditional network/endpoint security systems or other advanced threat defenses
• 10X reduction in alert noise: through integrating our global threat intelligence into your SIEMs and IR processes via our APIs
• ≥1 security FTEs freed up: via lower OA&M, fewer infected devices to be remediated, and more efficient incident response
Get Started in 30 Seconds…Really
1. CLOUD SERVICE W/ FULL SELF-PROVISIONED TRIAL: point DNS traffic from one office without hardware or software and without network topology changes or device configuration changes
2. ADD OFF-NET COVERAGE & PER-DEVICE VISIBILITY: protect your weakest links and identify which specific devices (or users) are targeted by attacks; self-updating software is required
3. EXTEND PROTECTION & ENRICH DATA VIA APIs: help SOC teams get more value out of existing investments like FireEye, and help incident response teams investigate threats faster
Thank You and Next Steps
Brian Avery [email protected]
Contact Your Cisco Partner https://tools.cisco.com/WWChannels/LOCATR/performBasicSearch.do
Learn more about OpenDNS: https://www.opendns.com/
Join us again for a future Cisco Customer Education Event
§ CCE sessions are held weekly on a variety of topics
§ CCE sessions can help you understand the capabilities and business benefits of Cisco technologies
§ Watch replays of past events and register for upcoming events!
Visit http://cs.co/cisco101 for details
Thank you.