How Boards use the NIST Cybersecurity Framework as a ...

Post on 31-May-2022


GOH Seow Hiong

Executive Director, Global Policy & Government Affairs, Asia Pacific

Cisco Systems

December 2017

How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity

Why is the NIST framework important?

As board members …

• Does your company’s management report to the Board on cybersecurity? Regularly?

• Do you know when the latest breach in the company occurred?

• Do you know the damage from the last breach?

• Do you know the extent of the breach?

THE EVOLVING THREAT LANDSCAPE

What threats do I face?

Security Challenges

• Shortage of cyber security experts: talent crunch; niche security skills; increased costs

• Evolving business needs

• Dynamic threat landscape: growing attack surface; more threat actors; greater attack sophistication

• Complexity and fragmentation: fragmented security; not interoperable; not open

• Changing regulations and business models

• Widening IT/Board communication gap

THE BIGGEST PROBLEM

Do I know if I’ve been compromised?

Cyber Attack – not if, but when

Source: Verizon 2012 Data Breach Investigations Report

Whack-a-mole Approach

Recognizing Malware is Difficult and Not Enough

How easy is it to breach?

MY IT GUYS ARE ON IT!

How are they managing security?

Management Nightmare: Complexity is a Significant Obstacle to Security

Business constraints cited (2016; change from 2015 in parentheses):

  Budget: 35%

  Compatibility issues: 28%

  Certification requirements: 25%

  Lack of trained personnel: 25% (-4%)

  Change from 2015 shown on the slide for the other three constraints: -4%, +/-0%, +3%

Number of security vendors in use (2016, n=2,850):

  1-5: 45%   6-10: 29%   11-20: 18%   21-50: 7%   Over 50: 3%

  55% of organizations use 6 to more than 50 security vendors

Number of security products in use (2016, n=2,860):

  1-5: 35%   6-10: 29%   11-20: 21%   21-50: 11%   Over 50: 6%

  65% of organizations use 6 to more than 50 security products

Device enrollment challenges await….

  374 new devices per second

  10 min to connect each device and define its policy

  7.8 person-days of effort per second (374 × 10 min ≈ 62 hours, counted in 8-hour person-days)

  245.8M person-days of effort per year

How to deal with the challenges?

Holistic not piecemeal approach

Evolution of defensive tactics: medieval defense vs. modern defense

Analogy with Airport security (airport step: Cisco product)

  Identity check: AnyConnect

  No entry for unauthorized: OpenDNS

  Boarding pass: ISE

  Security inspection: Firepower/AMP

  Luggage check: ESA/WSA

  Luggage check-in: Talos

  Isolates electronic device: ThreatGrid

  Security check: StealthWatch

  Boarding on plane: TrustSec

  Immigration check: ASA

Leverage the network

  Firewall and security infrastructure

  Advanced threat intelligence

  Governance processes

Effective security requires integrated threat defense: before, during and after an attack

NIST Cybersecurity Framework

• Voluntary, open, transparent drafting process

• Voluntary, consensus-based standards leveraged

• Voluntary use of Framework by private sector

• Input to regulation & government procurement

NIST Cybersecurity Framework: core functions and their categories

Identify: Asset management; Business environment; Governance; Risk assessment; Risk management strategy

Protect: Access control; Awareness training; Data security; Information protection processes & procedures; Protective technology

Detect: Anomalies and events; Security continuous monitoring; Detection processes

Respond: Response planning; Communications; Analysis; Mitigation; Improvements

Recover: Recovery planning; Improvements; Communications

How do I measure?

Metrics

• Mean time to detect

• Mean time to contain

• Mean time to recovery

Does your management measure these?
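The three metrics above are simple to define but easy to compute badly: a real incident register contains cases that are not yet contained or recovered, and a single long-dwell intrusion drags the mean far from the typical case. The following is an added example, not from the deck or from Cisco, that computes mean and median time to detect, contain and recover from a small constructed incident register and reports how many open cases were left out of each figure. The field names (first_activity, detected, contained, recovered) and the four incidents are assumptions made for illustration.

```python
"""Compute MTTD / MTTC / MTTR from an incident register.

Added example, not part of the original deck. The four incidents and the
field names (first_activity, detected, contained, recovered) are constructed
for illustration and are not a standard schema.
"""
from dataclasses import dataclass
from datetime import datetime
from statistics import mean, median
from typing import Dict, List, Optional


@dataclass
class Incident:
    incident_id: str
    first_activity: datetime              # earliest attacker activity established by forensics
    detected: datetime                    # when the SOC declared the incident
    contained: Optional[datetime] = None  # None while the attacker still has access
    recovered: Optional[datetime] = None  # None while affected services are not restored


def _hours(start: datetime, end: datetime) -> float:
    return (end - start).total_seconds() / 3600.0


def _summarise(values: List[float], excluded: int) -> Dict[str, Optional[float]]:
    """Mean and median in hours; 'excluded' counts incidents whose phase is unfinished."""
    if not values:
        return {"mean_h": None, "median_h": None, "n": 0, "excluded": excluded}
    return {
        "mean_h": round(mean(values), 1),
        "median_h": round(median(values), 1),
        "n": len(values),
        "excluded": excluded,
    }


def incident_metrics(incidents: List[Incident]) -> Dict[str, Dict[str, Optional[float]]]:
    """Time to detect  = first_activity -> detected (the dwell time)
       Time to contain = detected -> contained
       Time to recover = contained -> recovered
    Open incidents are left out of the phases they have not completed, and the
    number left out is reported, so a board sees the open cases rather than a
    flattering average computed only over closed ones."""
    ttd, ttc, ttr = [], [], []
    open_containment = open_recovery = 0
    for inc in incidents:
        if inc.detected < inc.first_activity:
            raise ValueError(f"{inc.incident_id}: detected before first attacker activity")
        ttd.append(_hours(inc.first_activity, inc.detected))
        if inc.contained is None:
            open_containment += 1
        else:
            ttc.append(_hours(inc.detected, inc.contained))
        if inc.recovered is None:
            open_recovery += 1
        elif inc.contained is not None:
            ttr.append(_hours(inc.contained, inc.recovered))
    return {
        "mttd": _summarise(ttd, 0),
        "mttc": _summarise(ttc, open_containment),
        "mttr": _summarise(ttr, open_recovery),
    }


# Constructed register: two closed cases, one contained but not recovered, one still active.
SAMPLE_INCIDENTS = [
    Incident("INC-1", datetime(2017, 1, 10, 9), datetime(2017, 1, 10, 11),
             datetime(2017, 1, 10, 15), datetime(2017, 1, 11, 11)),
    Incident("INC-2", datetime(2017, 2, 1), datetime(2017, 2, 5),
             datetime(2017, 2, 5, 12), datetime(2017, 2, 7, 12)),
    # Long-dwell intrusion found seven months after first access; services not yet restored
    Incident("INC-3", datetime(2016, 8, 1), datetime(2017, 3, 1),
             datetime(2017, 3, 3), None),
    # Detected within 30 minutes but containment still in progress
    Incident("INC-4", datetime(2017, 4, 2, 8), datetime(2017, 4, 2, 8, 30)),
]


def board_report(incidents: List[Incident] = SAMPLE_INCIDENTS) -> str:
    """One line per metric, mean and median side by side, open cases called out."""
    m = incident_metrics(incidents)
    lines = []
    for key, label in (("mttd", "Time to detect"), ("mttc", "Time to contain"),
                       ("mttr", "Time to recover")):
        s = m[key]
        lines.append(f"{label:16s} mean {s['mean_h']!s:>8} h   median {s['median_h']!s:>6} h   "
                     f"closed {s['n']}   still open {s['excluded']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(board_report())
```

On the constructed data the mean time to detect is about 1,297 hours while the median is 49 hours: one long-dwell intrusion dominates the mean, which is why a board should ask for both figures, and for the count of incidents still open, rather than a single average.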

Metrics: Detection is key

• Current average time-to-detect: 100-200 days

• Cisco in 2015: time-to-detect of 2 days

• Cisco today: time-to-detect of 6 hours

• Cisco in independent tests (NSS):

  • 70% of breaches detected in under 1 minute

  • 90% of breaches within 3 minutes

  • 99% detected within 6 hours

  • 100% within 24 hours

Looking forward: Collaborating with Partners

• Governments

• International bodies

• Private sectors and customers

Cisco threat intelligence, as presented

  250+ full-time threat intel researchers

  Millions of telemetry agents

  4 global data centers

  1,100+ threat traps

  100+ threat intelligence partners

Threat intel per day

  1.5 million daily malware samples

  600 billion daily email messages, 86% spam

  16 billion daily web requests (*Google: 3.5B searches/day)

  20 billion threats blocked

Sources: honeypots; open source communities; vulnerability discovery (internal); product telemetry; internet-wide scanning

Intel sharing

  Customer data sharing programs

  Service provider coordination program

  Open source intel sharing

  3rd party programs (MAPP)

  Industry sharing partnerships (ISACs)

  500+ participants

Address the Entire Attack Continuum

  Network, endpoint, mobile, virtual, cloud

  Network as a sensor; network as an enforcer

  Total visibility + minimum time to detect + fast containment

  Before: Discover, Enforce, Harden

  During: Detect, Block, Defend

  After: Scope, Contain, Remediate

• Risk-based Decisions

• People + Processes + Technology

• Ongoing self-examination

• Continuous Improvement

• Dynamic Threats

• Complexity is the Enemy

Security is a Journey, Not a Destination

Email: shgoh@cisco.com