Cisco Virtual Update on Cloud Security
14/8 – 2019
Mikael Grotrian, CISSP, CISM, CCSK, GISF, ITIL, PRINCE2, TOGAF Certified
Consulting Systems Engineer, Cyber Security, Denmark
Secure Internet Gateway
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco
VPN MPLS
Roaming/mobile, Branch office, HQ
Internet
Network: Centralized
Security: Single place to enforce policies and protection
Traditional model
SD WAN DIA/DCA
Network: Decentralized
Security: Protect at data center, cloud, and branch edge
Today’s model
Internet / SaaS
Roaming/mobile, Branch office, HQ
Cisco Umbrella
On & off corporate network
All internet & web traffic
All apps
All devices
URL block/allow lists
Port & protocol rules
Content filtering
App control
DNS-layer security
Web inspection
File inspection
Threat intel access
Secure onramp to the internet, everywhere
Powered by Cisco Talos threat intelligence
Control, Protection, Visibility
Secure internet gateway
Deliver protection everywhere
HQ Roaming/mobile Branch DIA/DCA
Enable off-network, Boost existing security, Transform edge security
Internet / SaaS
Simple, effective protection across your Cisco SD-WAN fabric
Internet/SaaS
Umbrella
Data Center Branch
DIA
SD-WAN fabric
MPLS
DNS-layer security
Secure web gateway
Cloud-delivered firewall
SaaS usage controls (CASB)
Correlated threat intel access
Cisco Umbrella
SD-WAN ON/OFF NETWORK DEVICES
DNS-layer security
Deploy enterprise wide in minutes
Block domains associated with malware, phishing, command and control callbacks anywhere
Stop threats at the earliest point and contain malware if already inside
Amazing user experience — faster internet access; only proxy risky domains
Safe request
Blocked request
First line of defense
SD-WAN ON/OFF NETWORK DEVICES
Secure web gateway: full web proxy
Deep inspection and control of web traffic
Full web proxy
Content control
App discovery & control
File inspection & blocking
Capture all web traffic with full URL logging and blocking capabilities
Enforce acceptable use policies with content filtering and URL blocking
Block more malware with SSL decryption and file inspection
Additional functionality to be delivered in phases as developed
URL logging and blocking
Tunnel all outbound traffic to Umbrella
Centrally manage IP, port, and protocol rules (L3/L4)
Anonymize IP to separate guest and employee traffic to eliminate negative impact on security rating (e.g. BitSight)
Cloud-delivered firewall
Firewall for the cloud edge
TUNNEL (IPSEC)
NON-WEB / SITE EXCLUSIONS
Umbrella
80/443
SWG, CDFW
Internet/SaaS
DEVICES ON NETWORK
DNS SWG
NAT
Internet/SaaS
SD-WAN DEVICES ON NETWORK
CDFW
80/443
Port 21
Enforcement that works together
DNS-layer security: First check for domains associated with malware
Cloud-delivered firewall (CDFW): Next check for IP, port, and protocol rules
Secure web gateway (SWG): Final check of all web traffic for malware and policy violations
Improved responsiveness and performance
Umbrella
DNS, CDFW, and SWG blocks
APP DISCOVERY & BLOCKING
CASB functionality to address Shadow IT and enable secure cloud adoption
Visibility into cloud app usage by risk with links to app details
Status of discovered apps
Summary of high risk categories
Ability to easily block unapproved apps
Umbrella
Data Center Branch
DIA
SD-WAN fabric
MPLS
Cisco SD-WAN integration
Quickly deploy DNS-layer security as first line of defense
Add deeper inspection and control with cloud-delivered firewall and secure web gateway capabilities
Easily scale security with future SaaS and web traffic growth
SWG, CDFW, DNS
COMING SOON!
Simple, effective protection across your Cisco SD-WAN fabric
250+ full-time threat researchers and data scientists
Analyzing 1.5 million unique malware samples daily
Blocking 20 billion threats daily. More than 20x any other vendor.
Cisco Talos: the largest non-government threat intelligence organization on the planet
We see more so you can block more and respond faster to threats.
Data centers co-located at major IXPs
100% business uptime since 2006
Anycast IP routing for reliability
YVR 208.67.222.222
DFW 208.67.222.222
All data centers announce same IP address
Customer points DNS traffic to our IP address
Requests transparently sent to fastest available with automated failover
DNS-LAYER SECURITY
Leveraging Anycast for tunnel reliability and resilience
PAO 208.67.222.222
LAX 208.67.222.222
Customers choose data center to handle requests
Customers do not have to build a backup IPSec tunnel
If data center fails, customers’ IPSec tunnel automatically moves with minimal downtime
SECURE WEB GATEWAY & CLOUD-DELIVERED FIREWALL
Other significant news
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco
Meraki MR + Umbrella integration
Umbrella now integrates with Meraki MR wireless access points.
Integration benefits:
• Simplest way to deploy Umbrella across a wireless network.
• Conveniently enable Umbrella policies directly in the Meraki dashboard.
• Create granular policies on a per-SSID basis or by using Meraki group policies.
Meraki Dashboard: Apply Umbrella policies on a per-SSID basis or by using Meraki group policies.
Umbrella Meraki MR
DEPLOYMENT
Virtual Appliance for Azure
Customers can now deploy the Umbrella Virtual Appliance on Azure.
Branches that have an ExpressRoute connection to Azure can now deploy the VA in Azure and use that for DNS resolution for their on-premise endpoints. They will no longer require virtualized infrastructure in the branch itself for this purpose.
All customers who are entitled to deploy a VA (EDU, Insights or above license) can deploy the VA on Azure.
Learn more: https://docs.umbrella.com/deployment-umbrella/docs/deploy-vas-on-microsoft-azure
https://docs.umbrella.com/deployment-umbrella/docs/5-configuring-the-vas#section-enter-configuration-mode-on-a-va-deployed-in-azure
DEPLOYMENT
Reporting API
• A simple and fast way to extract key events from Umbrella and integrate with a SIEM or TIP
• Makes it easy to identify the level of exposure to a malicious or suspicious domain within a network by providing a snapshot of key details such as:
– Total volume of DNS resolutions for the domain
– Specific users affected
• Availability: All Umbrella Enterprise packages
MANAGEMENT
Use the API Key to get started
Realtime DNS Tunneling
Client Umbrella Resolver Attacker Server
In-resolver query examination & detection
Instant detection, fully automated
INTELLIGENCE
Cryptomining category
• Use this feature to detect any unsolicited cryptomining in your environment & to block it
• Now you can view cryptomining activity in your environment right from the Umbrella dashboard
DASHBOARD
Newly added category
Umbrella Multi-AD Domain Support
MANAGEMENT
• With multi-AD domain support, customers can now configure DNS policy from AD groups, users and computers across AD domains and view reporting across AD domains in a single org.
• Eligibility: Currently limited to new customers and to customers who have onboarded a maximum of one AD domain in a single org; these customers can now onboard additional AD domains in the same org.
Learn more: https://support.umbrella.com/hc/en-us/articles/360022588891-Multi-AD-Domain-Support-in-Umbrella
Cisco Threat Response and Cisco Umbrella
Unleashing the power of our integrated security architecture
INTEGRATION
• Cisco Threat Response automates integrations across Cisco security products
• Reduces the time and effort spent on key security operations functions:
– Detection
– Investigation
– Remediation
• Integrates with Umbrella to offer rich visibility into internet activity
• Aggregates intelligence across Cisco security products, Cisco Talos & 3rd party sources
• Available at no additional charge for Umbrella customers
Other releases – cherry picking
Sep 2018 Cisco Umbrella Chromebook client
Dec 2018 EU Data Warehouse
Oct 2018 Management API
Oct 2018 Anycast support on VA
Oct 2018 SNMP Monitoring of the VA
Oct 2018 IPv6 Network Identities
Oct 2018 ASA Umbrella Integration
Dec 2018 DNS Monitoring
July 2019 Microsoft InTune support for Cisco Security Connector
Stay up to date
• Talos blog
• Cisco security blog
• Tech Updates
• Past seminars
• Security Chalk Talks
• Secure Internet Gateway
• Umbrella / OpenDNS
• CloudLock
• Umbrella
• CloudLock
• Stealthwatch cloud
• AMP Visibility on YouTube
• Join Cisco Security at Black Hat, DEF CON, etc., and at the Talos Threat Research Summit @ Cisco Live
Contact your Account Manager, Jesper Rathsach, Tue Frei Noergaard, Kristian Von Staffeldt, Jan Minche, Kim Andersen or Mikael Grotrian for a more in-depth walkthrough, a Proof of Value or dCloud demo access.