Tomas Kupka, Milan Habrcetl

October 10th, 2017

Network Security

The Network. Intuitive.

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Da

taA

va

ilab

ility

The Evolution of Security Threats

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

The Evolution of Ransomware

PC Cyborg

2001

GPCoder

2005 2012 2013 2014

Fake Antivirus

2006

First commercial

Android phone

2007

QiaoZhaz

20081989 2015 2016

CRYZIP

Redplus

Bitcoin network launched

RevetonRansomlock

Dirty DecryptCryptorbitCryptographic LockerUrausy

Cryptolocker

CryptoDefenseKolerKovterSimplelockCokriCBT-LockerTorrentLockerVirlockCoinVaultSvpeng

TeslaCrypt

VirlockLockdroidReveton

ToxCryptvaultDMALockChimeraHidden TearLockscreenTeslacrypt 2.0

Cryptowall

SamSam

Locky

CerberRadamantHydracryptRokkuJigsawPowerware

73V3NKerangerPetyaTeslacrypt 3.0Teslacrypt 4.0Teslacrypt 4.1

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Enterprise Network Security Should Provide…

Effective protection

against known and

unknown threats

Unified security

that reduces risk

and complexity

Detailed network

traffic visibility for

threat detection

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Cisco Ransomware Defense

Talos Security

Intelligence and

AMP ThreatGrid

RANSOMWARE

CONTAINED

ISE+TrustSec

deploys

dynamic

Containment

NGFW

protects and

segments from

clean systems

ISE pushes

containment

policy using

TrustSec and

Firepower

Stealthwatch

detects and

alertsSW ISE

RANSOMWARE

INFECTED

Malicious

Infrastructure

Zero-day

Attack and

Infection

CLEAN

SYSTEMS

DETECT AND CONTAIN IN NETWORK

NGFW blocks

inbound and

outbound

connections

Stealthwatch

detects and

alerts

C2 callbacks Worm propagation

Umbrella

w/Web

blocks

AMP4E

Email w/AMP blocks

ransomware phishing attacks

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco ConfidentialSecure your digital network in real-time, all the time, everywhere

Network as a SensorVisibility and analytics across the extended enterprise,

industry-leading threat intelligence

Trustworthy Systems

Security embedded into hardware and software by design

Network as an EnforcerConsistent threat protection and remediation across the network

Cisco Enterprise Network Security

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Network as a Sensor and Enforcer

Get Answers Faster

Use Cisco® Platform Exchange Grid

(pxGrid) partner technologies to find

threats faster and improve visibility

Stop Attacks Faster

Use the network to contain attacks

manually or automatically to reduce time

to respond

Protect Critical Data Faster

Dynamically restrict access

permissions or remove a device as

its threat score worsens

SIEM

Firepower

Firewall

Custom

Detection

Stealthwatch

ThreatSecurity Intelligence

Automatic or Initiated by IT Admin

~5 Seconds

ISEpxGrid

ISE

Switch Router Router Firewall ServerData Center

SwitchWANUser

Who What When Where How

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Video

https://www.youtube.com/watch?v=GvLnb4YQHh0

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Enhanced Network as a Sensor and Enforcer

Default Deny

IoT Virtual Network

Group 3 Group 4

Deny

Limit Lateral

Movement of Threats

Employee Virtual Network

Group 1 Group 2

Deny

Automate Threat

Response

• One time provisioning to implement

across access, campus, and WAN

• No IP Address Management

• No ACL Management

• No VLAN Management

• No CLI

Automation Impact

Reduced attack surface | Opex reduction through simplification | Agility in the network

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

70% of attacks will use encryption in 2019

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Enhanced Network as a Sensor and Enforcer

Encrypted Traffic

Non-Encrypted

Traffic

Industry’s first network with ability to find threats in encrypted trafficAvoid, stop or mitigate threats faster then ever before | Real-time flow analysis for better visibility

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Infrastructure view of the data

Google Search

Firefox self-repair

Bestafera Malware

Global

Risk

Map

Initial Data

Packet

Sequence of Packet

Lengths and Times

Cognitive

Analytics

Malware Detection using Cognitive Analytics

All three elements reinforce each other inside the analytics engine using them.

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

It’s No Longer a Problem Only for Security Teams

Security Networking

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

I N T E N T CONTEXT

S E C U R I T Y

L E A R N I N G

Powered by intent,

informed by context.

THE NETWORK.

INTUITIVE.