A presentation for the Innovation in the Post-Heartbleed session at the 2014 Cyber Summit by Jason Maynard, Security Consulting Systems Engineer at CISCO.
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Jason Maynard Security Consulting Systems Engineer CCIE# 29033, [CCN|I|D|P], SFCE, CEH
SECURITY
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
Agenda:
• Time for a Better Approach
The Industrialization of Hacking
Timeline (figure, 1990 to 2020), phases as labelled on the slide:
• Phishing, low sophistication
• Hacking becomes an industry
• Sophisticated attacks, complex landscape
Eras shown along the timeline:
• Viruses: 1990–2000
• Worms: 2000–2005
• Spyware and rootkits: 2005–today
• APTs, cyberwarfare: today and beyond
How Bad – 2013 and Beyond
Figures shown on the slide (the organisations they belong to are not recoverable from the text):
• 145 million
• 152 million
• 70 million
• 60 million
• 50 million
• 50 million, "and a lot more!!!!!!"
Needs to be a Better Approach
Current approach has never worked!
Imagine – Security as an Architecture
The New Security Model: the Attack Continuum
• BEFORE: Discover, Enforce, Harden
• DURING: Detect, Block, Defend
• AFTER: Scope, Contain, Remediate
Applied across: Network, Endpoint, Mobile, Virtual, Cloud
Shift from Point in Time to Continuous
Cyber Attack Chain
Phases: Recon, Weaponization, Deliver, Exploit, Install, CnC, Actions
• BEFORE: Discover, Enforce, Harden
• DURING: Detect, Block, Prevent
• AFTER: Scope, Contain, Remediate
Visibility and Context, provided by:
• Firewall
• NGFW
• NAC + Identity Services
• VPN
• UTM
• NGIPS
• Web Security
• Email Security
• Advanced Malware Protection
• Network Behavior Analysis
Point-in-time Detection (Antivirus, Sandboxing)
• Initial disposition = Clean
• Analysis stops
• Blind to scope of compromise
• Evasions: sleep techniques, unknown protocols, encryption, polymorphism
• Not 100%
• Actual disposition = Bad = Too late!!
Retrospective Detection (Continuous)
• Initial disposition = Clean
• Analysis continues beyond the event horizon
• Actual disposition = Bad = Blocked
• Turns back time
• Visibility and control are key
• Addresses limitations of point-in-time detection
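The contrast on this slide, worked as an added example (it is not code from the presentation, from Cisco or from Sourcefire): a point-in-time scanner acts only on the verdict it holds when a file arrives, so a file that looks clean on first sight spreads unchallenged; a retrospective engine keeps the trajectory of every sighting, and when a delayed verdict flips the file to "bad" it can alert on every host that already admitted it and report the scope of compromise. The hostnames, timestamps and the hash value are constructed for the example; the class and function names are my own.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed placeholder hash (not a real indicator), standing in for a file's SHA-256.
SAMPLE_SHA256 = "0" * 63 + "1"


@dataclass(frozen=True)
class Observation:
    host: str
    sha256: str
    seen_at: datetime
    verdict_at_sight: str  # what point-in-time detection said when the file arrived


@dataclass
class RetrospectiveEngine:
    """Keeps the full trajectory of every file seen, so a later verdict can be
    applied backwards to earlier sightings (the slide's 'turns back time')."""
    dispositions: dict = field(default_factory=dict)  # sha256 -> "clean" | "bad"
    trajectory: list = field(default_factory=list)    # every Observation, oldest first
    blocked: set = field(default_factory=set)         # (host, sha256) pairs acted on

    def observe(self, host: str, sha256: str, seen_at: datetime) -> Observation:
        """Point-in-time step: act on whatever the current disposition is.
        Files with no verdict yet are admitted, which is exactly the gap."""
        verdict = self.dispositions.get(sha256, "clean")
        obs = Observation(host, sha256, seen_at, verdict)
        self.trajectory.append(obs)
        if verdict == "bad":
            self.blocked.add((host, sha256))
        return obs

    def update_disposition(self, sha256: str, verdict: str) -> list:
        """Continuous step: a new verdict arrives (sandbox result, intel feed).
        Returns the retrospective alerts: past sightings that were admitted as clean."""
        previous = self.dispositions.get(sha256, "clean")
        self.dispositions[sha256] = verdict
        if verdict != "bad" or previous == "bad":
            return []
        alerts = [o for o in self.trajectory
                  if o.sha256 == sha256 and o.verdict_at_sight != "bad"]
        for o in alerts:
            self.blocked.add((o.host, o.sha256))
        return alerts

    def scope_of_compromise(self, sha256: str) -> list:
        """Every host that has ever seen the file, oldest first (patient zero first)."""
        hosts = []
        for o in self.trajectory:
            if o.sha256 == sha256 and o.host not in hosts:
                hosts.append(o.host)
        return hosts


def run_scenario() -> dict:
    """Constructed timeline: the file reaches three hosts while it looks clean,
    a delayed verdict flips it to bad, then a fourth host receives it."""
    t0 = datetime(2014, 4, 8, 9, 0)
    engine = RetrospectiveEngine()
    point_in_time_alerts = []  # what a scanner without a trajectory would have raised
    for i, host in enumerate(["host-a", "host-b", "host-c"]):
        obs = engine.observe(host, SAMPLE_SHA256, t0 + timedelta(hours=i))
        if obs.verdict_at_sight == "bad":
            point_in_time_alerts.append(host)
    retro = engine.update_disposition(SAMPLE_SHA256, "bad")
    late = engine.observe("host-d", SAMPLE_SHA256, t0 + timedelta(hours=4))
    if late.verdict_at_sight == "bad":
        point_in_time_alerts.append("host-d")
    return {
        "point_in_time_alerts": point_in_time_alerts,           # only the late arrival
        "retrospective_alerts": [o.host for o in retro],        # the three earlier hosts
        "scope": engine.scope_of_compromise(SAMPLE_SHA256),     # all four, oldest first
        "blocked": sorted(h for h, _ in engine.blocked),
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The point-in-time path only ever catches the fourth sighting, because that is the first one made after the verdict existed; the retrospective path turns the same verdict into alerts for the three hosts that were already compromised and hands the responder a scope list, which is what the slide means by no longer being "blind to scope of compromise".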
Leverage Openness and the Broader Community
OpenAppID
Visibility and Control
Cisco Security Intelligence Operation (SIO)
Cisco® SIO
Sources: WWW, Email, Web, Devices, IPS, Endpoints, Networks (Cloud, AnyConnect® IPS, ESA, WSA, ASA, WWW)
Information:
• More than 150 million deployed endpoints
• 100 TB data received per day
• 1.6 million global sensors
• 40% of worldwide email traffic
• 13 billion web requests
Actions:
• 3 to 5 minute updates
• More than 200 parameters tracked
• More than 5,500 IPS signatures produced
• More than 8 million rules per day
• More than 70 publications produced
• More than 40 languages
• More than 80 Ph.D., CCIE, CISSP, MCSE
• More than $100 million spent in dynamic research and development
• 24 hours daily operations
• More than 800 engineers, technicians, and researchers
Collective Security Intelligence
• IPS rules
• Malware protection
• Reputation feeds
• Vulnerability database updates
• Sourcefire AEGIS™ Program
• Private and public threat feeds
• Sandnets
• FireAMP™ Community
• Honeypots
• Advanced Microsoft and industry disclosures
• SPARK Program
• Snort and ClamAV open source communities
• File samples (>380,000 per day)
• Sourcefire VRT® (Vulnerability Research Team)
• Sandboxing, machine learning
• Big data infrastructure
The more you see, the better you can protect.
Questions