Cisco Virtual Update on Cloud Security

14/8 – 2019

Mikael Grotrian, CISSP, CISM, CCSK, GISF, ITIL, PRINCE2, TOGAF Certified

Consulting Systems Engineer, Cyber Security, Denmark

Secure Internet Gateway

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco

VPN MPLS

Roaming/mobile Branch office HQ

Internet

Network: Centralized

Security: Single place to enforce policies and protection

Traditional model

SD WAN DIA/DCA

Network: Decentralized

Security: Protect at data center, cloud, and branch edge

Today’s model

Internet / SaaS

Roaming/mobile Branch office HQ

Cisco Umbrella

On & off corporate network

All internet & web traffic

All apps

All devices

URL block/allow lists

Port & protocol rules

Content filtering

App control

DNS-layer security

Web inspection

File inspection

Threat intel access

Secure onramp to the internet, everywhere

Powered by Cisco Talos threat intelligence

Control Protection Visibility

Secure internet gateway

Deliver protection everywhere

HQ Roaming/mobile Branch DIA/DCA

Enable off-network

Boost existing security

Transform edge security

Internet / SaaS

Simple, effective protection across your Cisco SD-WAN fabric

Internet/SaaS

Umbrella

Data Center Branch

DIA

SD-WAN fabric

MPLS

DNS-layer security

Secure web gateway

Cloud-delivered firewall

SaaS usage controls (CASB)

Correlated threat intel access

Cisco Umbrella

SD-WAN ON/OFF NETWORK DEVICES

DNS-layer security

Deploy enterprise wide in minutes

Block domains associated with malware, phishing, command and control callbacks anywhere

Stop threats at the earliest point and contain malware if already inside

Amazing user experience — faster internet access; only proxy risky domains

Safe request

Blocked request

First line of defense

SD-WAN ON/OFF NETWORK DEVICES

Secure web gateway: full web proxy

Deep inspection and control of web traffic

Full web proxy

Content control

App discovery & control

File inspection & blocking

Capture all web traffic with full URL logging and blocking capabilities

Enforce acceptable use policies with content filtering and URL blocking

Block more malware with SSL decryption and file inspection

Additional functionality to be delivered in phases as developed

URL logging and blocking

Tunnel all outbound traffic to Umbrella

Centrally manage IP, port, and protocol rules (L3/L4)

Anonymize IP to separate guest and employee traffic to eliminate negative impact on security rating (e.g. BitSight)

Cloud-delivered firewall

Firewall for the cloud edge

TUNNEL (IPSEC)

NON-WEB / SITE EXCLUSIONS

Umbrella

80/443

SWG CDFW

Internet/SaaS

DEVICES ON NETWORK

DNS SWG

NAT

Internet/SaaS

SD-WAN DEVICES ON NETWORK

CDFW

80/443

Port 21

Enforcement that works together

DNS-layer security: First check for domains associated with malware

Cloud-delivered firewall (CDFW): Next check for IP, port, and protocol rules

Secure web gateway (SWG): Final check of all web traffic for malware and policy violations

Improved responsiveness and performance

Umbrella

DNS, CDFW, and SWG blocks
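
A minimal model of the check order on this slide, as an added example (not Cisco's code and not part of the original deck): a flow is tested by the DNS layer first, then by L3/L4 firewall rules, and only web traffic on 80/443 reaches the URL check. The blocklists, rule format, default-deny fallback and all names are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample policy (illustrative values, not real threat intelligence).
BLOCKED_DOMAINS = {"malware.example", "c2.example"}
FIREWALL_RULES = [  # (action, destination network, protocol, port); first match wins
    ("deny", "0.0.0.0/0", "tcp", 21),   # the slide's "Port 21" stops at the CDFW
    ("allow", "0.0.0.0/0", "tcp", 80),
    ("allow", "0.0.0.0/0", "tcp", 443),
]
BLOCKED_URL_PREFIXES = ("https://files.example/payload",)
WEB_PORTS = {80, 443}  # only this traffic is handed to the SWG

@dataclass
class Flow:
    domain: str
    dst_ip: str
    protocol: str
    port: int
    url: str = ""

def dns_blocked(flow: Flow) -> bool:
    """True if the queried name or any parent domain is on the blocklist."""
    labels = flow.domain.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels)))

def firewall_action(flow: Flow) -> str:
    """First matching L3/L4 rule decides; unmatched traffic is denied (assumption)."""
    for action, net, proto, port in FIREWALL_RULES:
        if (proto, port) == (flow.protocol, flow.port) and ip_address(flow.dst_ip) in ip_network(net):
            return action
    return "deny"

def evaluate(flow: Flow) -> tuple:
    """Run the layers in the slide's order and report which one blocked the flow."""
    if dns_blocked(flow):
        return ("block", "DNS")
    if firewall_action(flow) == "deny":
        return ("block", "CDFW")
    if flow.port in WEB_PORTS and flow.url.startswith(BLOCKED_URL_PREFIXES):
        return ("block", "SWG")
    return ("allow", None)

if __name__ == "__main__":
    for f in [Flow("login.c2.example", "203.0.113.5", "tcp", 443),
              Flow("ftp.example.org", "203.0.113.9", "tcp", 21),
              Flow("files.example", "198.51.100.7", "tcp", 443, "https://files.example/payload.exe")]:
        print(f.domain, evaluate(f))
```

The layer name in the verdict is the useful part for triage: it shows whether a flow was stopped before a connection was attempted (DNS), at the port/protocol rules (CDFW), or only after URL inspection (SWG).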

APP DISCOVERY & BLOCKING

CASB functionality to address Shadow IT and enable secure cloud adoption

Visibility into cloud app usage by risk with links to app details

Status of discovered apps

Summary of high risk categories

Ability to easily block unapproved apps

Umbrella

Data Center Branch

DIA

SD-WAN fabric

MPLS

Cisco SD-WAN integration

Quickly deploy DNS-layer security as first line of defense

Add deeper inspection and control with cloud-delivered firewall and secure web gateway capabilities

Easily scale security with future SaaS and web traffic growth

SWG CDFW DNS

COMING SOON!

Simple, effective protection across your Cisco SD-WAN fabric

250+ full-time threat researchers and data scientists

Analyzing 1.5 million unique malware samples daily

Blocking 20 billion threats daily. More than 20x any other vendor.

Cisco Talos: the largest non-government threat intelligence organization on the planet

We see more so you can block more and respond faster to threats.

Data centers co-located at major IXPs

100% business uptime since 2006

Anycast IP routing for reliability

YVR 208.67.222.222

DFW 208.67.222.222

All data centers announce same IP address

Customer points DNS traffic to our IP address

Requests transparently sent to fastest available with automated failover

DNS-LAYER SECURITY

Leveraging Anycast for tunnel reliability and resilience

PAO 208.67.222.222

LAX 208.67.222.222

Customers choose data center to handle requests

Customers do not have to build a backup IPSec tunnel

If data center fails, customers’ IPSec tunnel automatically moves with minimal downtime

SECURE WEB GATEWAY & CLOUD-DELIVERED FIREWALL

Other significant news

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco

Meraki MR + Umbrella integration

Umbrella now integrates with Meraki MR wireless access points.

Integration benefits:

• Simplest way to deploy Umbrella across a wireless network.

• Conveniently enable Umbrella policies directly in the Meraki dashboard.

• Create granular policies on a per-SSID basis or by using Meraki group policies.

Meraki Dashboard: Apply Umbrella policies on a per-SSID basis or by using Meraki group policies.

Umbrella Meraki MR

DEPLOYMENT

Virtual Appliance for Azure

Customers can now deploy the Umbrella Virtual Appliance on Azure.

Branches that have an ExpressRoute connection to Azure can now deploy the VA in Azure and use that for DNS resolution for their on-premises endpoints. They will no longer require virtualized infrastructure in the branch itself for this purpose.

All customers who are entitled to deploy a VA (EDU, Insights or above license) can deploy the VA on Azure.

Learn more: https://docs.umbrella.com/deployment-umbrella/docs/deploy-vas-on-microsoft-azure

https://docs.umbrella.com/deployment-umbrella/docs/5-configuring-the-vas#section-enter-configuration-mode-on-a-va-deployed-in-azure

DEPLOYMENT

Reporting API

• A simple and fast way to extract key events from Umbrella and integrate with a SIEM or TIP

• Makes it easy to identify the level of exposure to a malicious or suspicious domain within a network by providing a snapshot of key details such as:

– Total volume of DNS resolutions for the domain

– Specific users affected

• Availability: All Umbrella Enterprise packages

MANAGEMENT

Use the API Key to get started

Realtime DNS Tunneling

Client Umbrella Resolver Attacker Server

In-resolver query examination & detection

Instant detection, fully automated

INTELLIGENCE

Cryptomining category

• Use this feature to detect any unsolicited cryptomining in your environment & to block it

• Now you can view cryptomining activity in your environment right from the Umbrella dashboard

DASHBOARD

Newly added category

Umbrella Multi-AD Domain Support

MANAGEMENT

• With multi-AD domain support, customers can now configure DNS policy from AD groups, users and computers across AD domains and view reporting across AD domains in a single org.

• Eligibility: Currently limited to new customers and to customers who have onboarded a maximum of one AD domain in a single org; these customers can now onboard additional AD domains in the same org.

Learn more: https://support.umbrella.com/hc/en-us/articles/360022588891-Multi-AD-Domain-Support-in-Umbrella

Cisco Threat Response and Cisco Umbrella

Unleashing the power of our integrated security architecture

INTEGRATION

• Cisco Threat Response automates integrations across Cisco security products

• Reduces the time and effort spent on key security operations functions:

– Detection

– Investigation

– Remediation

• Integrates with Umbrella to offer rich visibility into internet activity

• Aggregates intelligence across Cisco security products, Cisco Talos & 3rd party sources

• Available at no additional charge for Umbrella customers

Other releases – cherry picking

Sep 2018 Cisco Umbrella Chromebook client

Dec 2018 EU Data Warehouse

Oct 2018 Management API

Oct 2018 Anycast support on VA

Oct 2018 SNMP Monitoring of the VA

Oct 2018 IPv6 Network Identities

Oct 2018 ASA Umbrella Integration

Dec 2018 DNS Monitoring

July 2019 Microsoft InTune support for Cisco Security Connector

Stay up to date

§ Talos blog

§ Cisco security blog

§ Tech Updates

§ Past seminars

§ Security Chalk Talks

§ Secure Internet Gateway

§ Umbrella / OpenDNS

§ CloudLock

§ Umbrella

§ CloudLock

§ Stealthwatch cloud

§ AMP Visibility on YouTube

§ Join Cisco Security at Black Hat, DEF CON etc. and at the Talos Threat Research Summit @ Cisco Live

Contact your Account Manager, Jesper Rathsach, Tue Frei Noergaard, Kristian Von Staffeldt, Jan Minche, Kim Andersen or Mikael Grotrian for a deeper walkthrough, a Proof of Value or dCloud demo access.
