cisco-canada
Bell Sales Rally – January 2017
Cisco Umbrella
First line of defense for threats on the internet
Agenda
• Problem
• Introducing Cisco Umbrella
• Our customers
• Next steps
Problem
How IT was built (diagram): Workplace desktops; Business apps; Critical infrastructure; Internet
IT today (diagram): Business apps (Salesforce, Office 365, DocuSign, etc.); Branch office; Critical infrastructure (Amazon, Rackspace, Windows Azure, etc.); Roaming laptops; Workplace desktops; Business apps; Critical infrastructure; Internet
By 2018, Gartner estimates:
25% of corporate data traffic will bypass perimeter security.
Your security challenges we can solve
Malware and ransomware
Gaps in visibility and coverage
Cloud apps and shadow IT
Difficult to manage security
Introducing Cisco Umbrella
Cisco Umbrella
Cloud security platform
Built into the foundation of the internet
Intelligence to see attacks before launched
Visibility and protection everywhere
Enterprise-wide deployment in minutes
Integrations to amplify existing investments
Malware, C2 Callbacks, Phishing
208.67.222.222
Where does Umbrella fit?
Malware, C2 Callbacks, Phishing
First line
HQ: Sandbox, NGFW, Proxy, Netflow, AV (Network and endpoint)
BRANCH: Router/UTM, AV (Network and endpoint)
ROAMING: AV (Endpoint)
It all starts with DNS
Precedes file execution and IP connection
Used by all devices
Port agnostic
Built into foundation of internet
Umbrella provides:
Connection for safe requests
Prevention for user- and malware-initiated connections
Proxy inspection for risky URLs
Safe request
Blocked request
Prevents connections before and during the attack
Web- and email-based infection: Malvertising / exploit kit; Phishing / web link; Watering hole compromise
Command and control callback: Malicious payload drop; Encryption keys; Updated instructions
Stop data exfiltration and ransomware encryption
Malware doesn’t just happen
Intelligence to see attacks before launched
ATTACK 1: Ransomware; Email delivery; Web server; Domain/IP
ATTACK 2: Malware; Malvertising; Web server; Domain/IP
Build. Test. Launch. Repeat.
Our view of the internet
80B requests per day
12K enterprise customers
65M daily active users
160+ countries worldwide
Intelligence Statistical models
Co-occurrence model: Identifies other domains looked up in rapid succession of a given domain
Natural language processing model: Detect domain names that spoof terms and brands
Spike rank model: Detect domains with sudden spikes in traffic
Predictive IP space monitoring: Analyzes how servers are hosted to detect future malicious domains
Dozens more models
2M+ live events per second
11B+ historical events
Our efficacy
Discover: 3M+ daily new domain names
Identify: 60K+ daily malicious destinations
Enforce: 7M+ malicious destinations while resolving DNS
Visibility and protection for all activity, anywhere
Diagram: HQ, Mobile, Branch, Roaming, IoT; ON-NETWORK and OFF-NETWORK; ALL PORTS AND PROTOCOLS; Umbrella
All office locations
Any device on your network
Roaming laptops
Every port and protocol
IDENTITY REPORTS
Quickly spot and remediate victims
Top activity and categories per device or network
Allowed, blocked, and proxied traffic per device or network
DESTINATION REPORTS
Quickly assess extent of exposure
Top identities associated with malicious activity
Local vs. global trends for malicious domains
CLOUD SERVICES REPORT
Effectively combat shadow IT
Total and newly seen cloud services
Cloud apps by classification and traffic volume
Enterprise-wide deployment in minutes
ANY DEVICE ON NETWORK / ROAMING LAPTOP / BRANCH OFFICES
On-network coverage: with one setting change; integrated with Cisco ISR 4K series
Off-network coverage: with AnyConnect VPN client integration, or with any VPN using lightweight Umbrella client
Integrations to amplify existing security
Block malicious domains from partner or custom systems
YOUR CURRENT SECURITY STACK (sends IOCs to Umbrella):
• Appliance-based detection + Others
• Threat intelligence platform + Others
• AMP Threat Grid: Threat analysis feed + Others
• Python Script, Bro IPS: Custom integrations + Others
Our customers
“As FireEye sees a threat, it immediately updates Umbrella, which then protects all users on and off the network...we have seen a 4-5 fold decrease in alerts.”
Ron Keyser, CIO, ATS Automation
“Deployed to 7 facilities in 5 countries in less than 3 hours. The ability to onboard with no client and no new physical appliance to manage...was a big advantage.”
Markus Schwaiger, IT Security Analyst, Hirschvogel Automotive
“As soon as we turned Umbrella on, we gained visibility into the traffic flows across our environment.”
Mark Arnold, Director of Information Security, PTC
“Saved thousands of remediation hours with 70% decrease in virus-related tickets…saved thousands of dollars in ransom costs when it blocked a CryptoLocker callback.”
Eric Rockwell, President and CIO, centrexIT
“As we assessed our security posture, we quickly realized that visibility was a major challenge and that most of our attacks started with DNS.”
Henry Duong, Infrastructure Security Manager, University of Kansas Hospital
Integrations to extend security
Enterprise-wide deployment in minutes
Visibility everywhere
Intelligence to see attacks before launched
Built into the foundation of the internet
Real world results from five customers
AUTOMOTIVE SUPPLIER CASE STUDY
Number of users and locations protected: 2.5K users across 7 facilities in Germany, Poland, India, China and the U.S.
Challenge: Secure a globally distributed network against potential threats.
Solution: Umbrella
Impact:
• Up to 50% reduction in alerts from IPS and AV
• Over 20% reduction in remediation time
“Now that Umbrella has helped us become much more proactive, we’ve been able to invest resources in work that has more strategic value to the organization.”
Markus Schwaiger, IT Security Analyst
SOFTWARE CASE STUDY
Number of users and locations protected: 8K end users across 7 major hubs worldwide, including U.S., South America, India, Singapore, and the U.K.
Challenge: Reduce malware infections, increase insight of potential threat sources, improve reporting.
Solution: Umbrella and Investigate
Impact:
• Prevent malicious connections and data exfiltration
• Extend protection with FireEye integration
• Obtain intelligence on threat sources before attacks
• Reduced reporting from hours to minutes
“It took less than ten minutes for us to point our DNS traffic to the Umbrella Global Network. We could protect our remote offices around the world in less than an hour and a half.”
Mark Arnold, Director of Information Security
Enterprises worldwide use Umbrella
Education, Energy, Finance, Government, Healthcare, Insurance, IT services, Legal, Manufacturing, Retail, Technology, Telecom
Umbrella
Start blocking in minutes
Easiest security product you’ll ever deploy
1 Sign up
2 Point your DNS
3 Done