(kiseo@cisco.com)

© 2008 Cisco Systems, Inc. All rights reserved. 1

Cisco Systems Korea

Agenda

© 2008 Cisco Systems, Inc. All rights reserved. 2

© 2008 Cisco Systems, Inc. All rights reserved. 3

Threats Are Becoming Increasingly Difficult toIncreasingly Difficult to Detect and Mitigate

rity

Financial:Theft and Damage

reat

Sev

er

Fame:Viruses and Malware

Th

Notoriety:Notoriety:Basic Intrusions and Viruses

© 2008 Cisco Systems, Inc. All rights reserved. 4

1990 1995 2000 2005 2007 2010

Writers Middle Men Second-Stage Abusers

First-Stage Abusers End Value

Compromised

Tool Writers Hacker or Direct Attack

Fame

Malware Writers

Extortionist DDoS for Hire

Compromised Host and

Application

B t t C ti

Theft

Espionage

WormsMachine

Harvesting Spammer

Botnet Creation

Botnet Management

Espionage

Extortion

Viruses

T j Internal Theft

Information Harvesting Phisher

Pharmer/DNS

Management

Personal Information

Commercial Sales

Fraudulent

Spyware

Trojans Internal Theft Abuse of Privilege

Poisoning

Identity TheftInformation Brokerage

Fraudulent Sales

Click Fraud

© 2008 Cisco Systems, Inc. All rights reserved. 5

Electronic IP Leakage Financial Fraud

Source: 2007 CSI Survey

© 2008 Cisco Systems, Inc. All rights reserved. 6

Source: 2007 CSI Survey

, DDoS

© 2008 Cisco Systems, Inc. All rights reserved. 7

© 2008 Cisco Systems, Inc. All rights reserved. 8

Training and StaffingPolicy ImplementationPolicy ImplementationTraining and Staffing

Event Sharing and Collaboration

Configuration and ManagementConfiguration and ManagementEvent Sharing and Collaboration

NA A

Threat Intelligenceg

Threat Intelligence

Fi

Ne

IPsSG

a

Ho

AV G WA

ppFi

URSSSe

Mam Fi

NA

C

Firewall

Netw

ork IPS

IPsec VPN

Spam

Gatew

ay

Host IPS

AV Gatew

ay

Web

ApplicationFirew

all

UR

L Filter

SSL VPN

Security M

anage-m

ent

XML

Firewall

I t ti I t th N t k I f t t

NA

C

irewall

etwork

IPS

sec VPN

Spam

ateway

ost IPS

Gatew

ay

Web

plicationrew

all

RL Filter

SL VPN

ecurity anage-m

ent

XML

irewall

Integration Into the Network Infrastructure

© 2008 Cisco Systems, Inc. All rights reserved. 9

SDN

Integrated Adaptive CollaborativeIntegrated Adaptive Collaborative

NetworkSecurity

ApplicationSecurity

EndpointSecurity

ContentSecurity

Anti-VirusAnti-SpywareH-IPS

FirewallN-IDS / IPSRouter

Anti-PhisingContent FilteringEmail Security

XML F/WApplication F/W

H-IPSAccess Control

RouterSwitch

Email Security

T ffi C t l Vi P ti M l P ti A Att k P tiTraffic ControlWorm PreventionACLL2 Security

Virus PreventionHost ProtectionNetwork AdmissionControl

Malware PreventionURL FilteringAnti-SpamData Loss Prevention

App. Attack PreventionXML Packet Inspection

© 2008 Cisco Systems, Inc. All rights reserved. 10

Port 25 Port 80Content Security

Port 25 Port 80

Network Security

Locked the Network Doors, but E-Mail and Web Stayed Open

y

© 2008 Cisco Systems, Inc. All rights reserved. 11

Custom Web ApplicationsCustomized Packaged Applications

Internal and Third-Party Code75% Business Logic and Code

Operating

DatabaseServers

Operating

ApplicationServers

Operating

WebServers

Network

gSystemsSystems

gSystems

Network Firewall

IDS/IPS

“50% of enterprises and government agencies are using XML, Web services or SOA.” Source: Gartner

“XML accounted for 15% of internet traffic in 2005 By 2008 it is

“50% of enterprises and government agencies are using XML, Web services or SOA.” Source: Gartner

“XML accounted for 15% of internet traffic in 2005 By 2008 it is

© 2008 Cisco Systems, Inc. All rights reserved. 12

XML accounted for 15% of internet traffic in 2005. By 2008, it is expected to account for 50%.” Source: 451 Group

XML accounted for 15% of internet traffic in 2005. By 2008, it is expected to account for 50%.” Source: 451 Group

© 2008 Cisco Systems, Inc. All rights reserved. 13

0111111010101000100001000100111110

ACLFirewall

Application Recognition(NBAR)

N-IDS / IPS XML F/WApp. F/W

DDoS SolutionH-IPS

RFC2827uRPFCoPPN tfl

(NBAR)Flexible Packet Matching(FPM)F/W w/ App. EngineC t t S it

App. F/W H IPSEmail SecurityDNS Safeguard

NetflowL2 Security

Content Security

IPC /

Packet InspectionWorm App. Attack DDoS Protection

© 2008 Cisco Systems, Inc. All rights reserved. 14

TCP/UDP Malformed App.Prevention Protection Data LossPrevention

,

ApplicationInspection

ASA 5500 SeriesCat6K Sup32-PISAACE XML Firewall

Content

ACE Application Firewall

IronPort S Series (Web Security)ContentSecurity

IronPort S Series (Web Security)IronPort C Series (Email Security)

EndpointSecurity

NAC ApplianceCisco Security Agent (CSA)

DDoS AttackPrevention Guard and Detector

© 2008 Cisco Systems, Inc. All rights reserved. 15

© 2008 Cisco Systems, Inc. All rights reserved. 16

:

InternetGuard

ASA5500

D t t

DMZI P t

Detector

CSA

DMZIronPortS Series

ACE XML Fi ll

IronPortC Series

ACE XML FirewallACE App. Firewall

© 2008 Cisco Systems, Inc. All rights reserved. 17

Campus

: CSA

AccessSwitch Security

Access

Cat6K Sup32 PISA

Distribution

Cat6K Sup32-PISANBARFPM

NACA li

0111111010101000100001000100111110

Appliance

Core Switch Security

© 2008 Cisco Systems, Inc. All rights reserved. 18

:

CoreSwitch Security

AggregationXML FirewallApp. Firewall

Switch Security

Switch SecurityAccess

Switch Security

CSADetector

© 2008 Cisco Systems, Inc. All rights reserved. 19

© 2008 Cisco Systems, Inc. All rights reserved. 20

© 2008 Cisco Systems, Inc. All rights reserved. 21