Enabling Open & Programmable Networks

Threat Centric Security for Service Providers

Sam Rastogi, Service Provider Security Product Marketing
October 12, 2016


Breaches are the New Normal

Cisco Confidential

FDA Warns of Security Flaw in Infusion Pump


Cyber Security is a Boardroom Discussion

Security Breaches are Costly

Security is the #1 Issue for Your Customers

Protect Now the Value You Intend to Create Tomorrow


Digitization is disrupting the SP business

The world has gone mobile

Traffic growth, driven by video

Rise of cloud computing

Machine-to-Machine

Changing Customer Expectations

Ubiquitous Access to Apps & Services

10X Mobile Traffic Growth From 2013-2019

Changing Enterprise Business Models

Efficiency & Capacity

Soon to Change SP Architectures/Service Delivery

Emergence of the Internet of Everything

Process, Things, People, Data

[Chart: Petabytes per Month, 2013-2018. Internet Video (57%, 75%), Other (43%, 25%). 23% Global CAGR 2013-2018]

Dynamic Threat Landscape

Increasing Threat Sophistication

Risks to Service Providers and Their Customers


Leaving you vulnerable to security breaches at key points in your network

Loss of customer trust

• $87k: loss for every 1k data files breached [1]
• $1.45M: average lost business cost per attack [2]
• 60%: of security breaches compromise data in hours [3]
• 54%: of security breaches are not detected until months later [4]

[1] Verizon – 2015 Data Breach Investigations Report
[2] Ponemon Institute – 2015 Cost of Data Breach Study: Global Analysis
[3] Verizon – 2014 Data Breach Investigations Report
[4] Verizon – 2014 Data Breach Investigations Report


Legacy Security: Costly & Complex

Siloed

Inefficient

Manual

Limited integration, security gaps

Hard-coded processes

Over-provisioned, static, and slow

Hinders realization of open and programmable networks


Cisco’s #1 Priority

Threat-Centric Security

Billions Invested

5K People Strong

Cognitive, Sourcefire, ThreatGRID, Neohapsis, OpenDNS, Portcullis, Lancope, CloudLock

Broad/Deep Portfolio

Trusted Advisor

#1 Cybersecurity Company

Expanding Services Capabilities

Pervasive Security

Cisco is Investing in Security Growth


Services

Attack Continuum

Before During After

Customer Premise

Operational Technology

Cloud Data Center

Endpoint Network Edge

Security Everywhere


Visibility Across Threat Vectors

You Can’t Find What You Can’t See

Customer Premise

Cloud Data Center

Endpoint Network Edge Operational Technology


Visibility, Context, and Control

• Your Network Is Your Sensor

Use network data to extend visibility to the access layer

Network

Identity

Routers and Switches

Firewall

Context

Enrich flow of data with identity, events, proxy, and application to create context

Accelerated detection, investigation and response.

WHO WHAT WHERE WHEN HOW

Proxy Server

Devices


Premiere Portfolio in the Industry

Best of Breed | Architectural Approach

Threat Intelligence

Visibility

Cloud Network Integrated

Web

WWW

Email

NGFW/NGIPS Advanced Threat

Policy and Access UTM

Integrated for Best Threat Protection


Combined with the Best Threat Intelligence Capabilities

World-Class Threat Research

19.7B Threats Per Day

1.4M

1.1M

1.8B

1B

8.2B

Incoming Malware Samples Per Day

Sender Base Reputation Queries Per Day

Web Filtering Blocks Per Month

AV Blocks Per Day

Spyware Blocks Per Month

260+ Threat Researchers

100 TB Threat Intelligence


Advanced Malware Protection

AMP Everywhere: See Once, Protect Everywhere

Networks Web Endpoint

AMP Intelligence Sharing

Email

WWW

Visibility

Threat Intelligence


More Effective Against Sophisticated Attacks

Source: Cisco Annual Security Report, 2016

Industry: 100 days vs. Cisco: less than 1 day

Much Faster Than Most Organizations Discover Breaches


Operational Efficiency

Integrated Security

Enhanced Agility

High speed, scalable security

Dynamic service stitching

Dynamic provisioning across physical, virtual, and cloud

Automated and consistent security policies

Lower integration costs and complexity

RESTful APIs and 3rd party tool integration

Best of Breed security = Cisco + 3rd party

Security services in a consolidated platform

Visibility and correlation

Threat-Centric Security for Service Providers


Cisco Evolved Programmable Network

SSL FW SIEM DDoS

Cisco Firepower threat-centric security collapses siloed services

Cisco Tightly Integrates Security Services

IPS WAF


Cisco Evolved Services Platform

Application and Services

Open APIs

Cisco Evolved Programmable Network

Cisco Consolidates Security Services


Legacy Security: Siloed, Inefficient & Expensive

Data Packet

DDoS Platform, SSL Platform, FW Platform, WAF Platform, IPS Platform, Sandbox Platform

SSL, DDoS, WAF, FW, IPS, Sandbox

• Reduced Effectiveness
• Increased Latency
• Slows Network
• Static & Manual


Cisco Transforms Security Service Integration

Siloed

Data Packet

DDoS Platform, SSL Platform, FW Platform, WAF Platform, IPS Platform, Sandbox

SSL, DDoS, WAF, FW, IPS, Sandbox

• Limited effectiveness
• Increased latency
• Slows network
• Static & Manual

Integrated

Unified Platform

Data Packet

DDoS, FW, WAF, NGIPS, SSL, AMP

• Maximum protection
• Highly efficient
• Scalable processing
• Dynamic

Key: Cisco Service, 3rd Party Service


Unified Platform

Looking Forward: Intelligent Service Stitching

Metadata tag

Data Packet

DDoS, SSL, WAF, NGIPS, AMP, FW

• Smart tags eliminate needless re-inspection
• Automates security service intelligence
• Optimize security via dynamic service stitching

Key: Cisco Service, 3rd Party Service


Vision & Strategy

Physical, Virtual & Cloud


Firepower 9300 Platform

High-Speed, Scalable Security

Multi-Service Security

Benefits
• Integration of best-of-breed security
• Dynamic service stitching

Features
• ASA container
• Firepower Threat Defense containers
• NGIPS, AMP, URL, AVC
• 3rd Party containers
• Radware DDoS
• Other ecosystem partners

Modular

Benefits
• Standards and interoperability
• Flexible Architecture

Features
• Template driven security
• Secure containerization for customer apps
• RESTful/JSON API
• 3rd party orchestration/management

Carrier-Class

Benefits
• Industry Leading Performance / RU
• 600% Higher Performance
• 30% higher port density

Features
• Compact, 3RU form factor
• 10G/40G I/O; 100G ready
• Terabit backplane
• Low latency, Intelligent fastpath
• NEBS ready

* Contact Cisco for services availability


Cisco Firepower 4100 Series

Four high-performance models

Multiservice Security
• Integrated inspection engines for FW, NGIPS, Application Visibility and Control (AVC), URL, Cisco Advanced Malware Protection (AMP)
• Radware DefensePro DDoS
• ASA and other future third party

Performance and Density Optimization
• 10-Gbps and 40-Gbps interfaces
• Up to 80-Gbps throughput
• 1-rack-unit (RU) form factor
• Low latency

Unified Management
• Single management interface with Firepower Threat Defense
• Unified policy with inheritance
• Choice of management deployment options


Arbor Networks Threat Management System (TMS)

Network Embedded, Virtual DDoS Protection

Up to 40 Gbps Mitigation per VSM

Arbor Networks Threat Management System (TMS)

Arbor Networks SP

+

ASR 9000 with Virtual Services Module (VSM)

=

Cisco ASR 9000 vDDoS Protection

“Powered by Arbor Networks”


Optimization

Migration

Integration

Program Strategy

Architecture & Design

Assessments

Product Support Hosted Security Managed Security

Security Services Wrapper


Network and Mobile Security Use Case

HW Requirements
• Ultra High Performance FW
• High Port Density, 100Gbps
• NEBS
• Power Efficiency

SW Requirements
• Mobile Access: Strong authentication, authorization (IKE v1/v2 & PKI protocols); Data confidentiality w/ IPSec ESP; LTE S1 FW (GTP, S1-SP FW)
• Partner Edge: GTP, NAT
• Internet Edge: DDoS, FW, NAT, IPS, Content Filtering

Mobile Packet Core

Mobile Access Edge

Partner Edge

Internet Edge Internet


Data Center Security

Public, Private Cloud & Media/Video Data Center

Requirements
• Scalability: High Throughput
• Multi-Tenancy: Multi-Context
• Segmentation: Internal/External
• North-South, East-West traffic
• Multi-Site Security & Mobility
• Multi-Vendor Orchestration

Benefits
• High Scale: access rule, TrustSec
• Network Integration: Routing, switching, inter-site DC extensions
• High Density: 40G/100G
• Clustering: Intra-chassis, Inter-chassis, Inter-site
• DDoS, NGIPS, AMP, Stealthwatch
• Consistent Policy Mgmt

Global Orchestration


Cloud Security as a Service Use Case

Benefits

• Lower OPEX Costs

• Minimize Truck Roll

• Simplify Service Activation

• Flexible service delivery and licensing models

• Enable Service Customization

• Flexible Deployment: SP or Cisco Managed

Cloud

CPE

SP

Switching AP Voice

VPN CGNAT DHCP Routing NGFW

IPS

WWW

WEB EMAIL MALWARE CONTEXT


Cisco Difference for Service Providers

Unmatched Visibility

End-to-End Network Visibility from SP Core to Customer Premise

Consistent Control

Consistent Policies Across Network, Data Center, and Workloads

Complexity Reduction

Reduce IT Silos, Respond Faster to New Opportunities & Business Models

Advanced Threat Protection

Detect & Mitigate Advanced Threats across CPE, Cloud, and Network
