Cyber Security


    Cyber Security Presentation Transcript

    • Cyber Security: Threats and Countermeasures. Kah-Kin Ho, Head of Cyber Security Business Development, Global Government Solutions Group. 9th Oct 2012. © 2011 Cisco and/or its affiliates. All rights reserved.
    • Agenda: Threat Landscape – Technical, Social, Political; Lead Methodology; Cisco Security Intelligence Operations; Concluding Remarks
    • Recent Trends: Security conscious users are targeted. Bad guys getting better in evading detection. Legitimate sites used by bad guys for profit making activities. Overwhelming AV companies. Social networks targeting.
    • Legitimate alert
    • Copied Alert
    • Which one is real?
    • Or this?
    • They are all Fake.
    • Intelligence Evasion
    • Intelligence Evasion
    • $ echo "aHR0cDovL2JpdC5seS9SNlNUViAgaHR0cDovL2JpdC5seS8yS29Ibw==" | openssl base64 -d
      hxxp://bit.ly/R6STV hxxp://bit.ly/2KoH
    • Unique Malware Content
    • The Facebook Vector
    • Hackerville: The Romanian cybercriminal hotspot, Râmnicu Vâlcea
    • Tallinn, Estonia 2007
    • Russia – Georgia War 2008
    • China’s Emergence
    • Motivation: Status and Ego
    • Lead Methodology [diagram labels: Capacity; Resource surge capacity; Degraded organization capacity; Shock event; Normality line; Impact reduction; Respond; Recover]
    • Picking a Needle out of a Haystack [diagram labels: Customized Threat Bypasses Security Gateways; Customized Threat Enters from Inside; Threat Spreads Inside Perimeter; Threat Spreads to Devices; perimeter controls: Firewall, IPS, N-AV, Web Sec, Email Sec]. Perimeter security stops many threats but Sophisticated Cyber Threats Evade Existing Security Constructs. Fingerprints of Threat are Found Only in Network Fabric.
    • Detection is key to Respond and Recover
    • Cisco Cyber Threat Defense: NetFlow; StealthWatch; ISE; Threat Profile
    • Cisco Cyber Threat Defense (Threat Context Profile)
      Threat: Traffic: P2P; Destination: badsite.com; Reputation: -6; Malware: Zeus
      Context: User: Jane Smith; Access Group: Guest; Device: Laptop; Location: Campus HQ; Access Method: Wireless
      Context: User: John Doe; Access Group: Finance; Device: Android Phone; Location: Remote; Access Method: VPN
    • Lead Methodology [diagram labels: Capacity; Resource surge capacity; Degraded organization capacity; Shock event; Normality; Likelihood of Attack and Vulnerability Reduction; Impact Reduction; Prevent; Prepare; Detection; Respond; Recover; Intelligence-led approach; Cisco Security Intelligence Operation]
    • SensorBase; Threat Operations Center; Dynamic Updates
    • Security Support Operations. Current SSO Presence in the Following Regions: California, Texas, Ohio, Idaho, China, Ukraine, UK, Canada, India, Australia. Languages: Arabic, Farsi/Persian, Hebrew, Syriac, Urdu, Bengali, Gujarati, Gurmukhi, Hindi, Marathi, Sinhala, Tamil, Thai, Chinese, Japanese, Korean, Belarusian, Bulgarian, Kazakh, Macedonian, Russian, Ukrainian, Greek, Armenian, Georgian, Basque, Catalan, Croatian, Czech, Danish, Dutch, English, Estonian, Filipino, Finnish, French, German, Hungarian, Icelandic, Indonesian, Italian, Malay, Norwegian, Polish, Portuguese, Romanian, Slovak, Slovene, Spanish, Swedish, Turkish, Vietnamese
    • Global Context: Data Makes a Difference [diagram labels: Cisco SIO; Context Aware Policy; Context Aware Enforcement; Nexus 1K and Cloud Connected Network; AnyConnect; TrustSec; Cisco Infrastructure; Network; Application Programming Interfaces; Management; Services; Partners]
    • Context Inspection (package label: From: Aunt Jenny, 234 Any St., Anytown, CA)
      • Where’s it coming from?
      • How many others have seen it?
      • How new is it?
      • Who owns the package?
      • What else have they sent us?
      • Is the sender even a real person?
    • Deny 13. Allow Everything Else.
    • [diagram labels: Feeds; Endpoint; Email; Telemetry; Web; Corpora; Should-i-go-here.com; IPS; Cloud; Human Intel; Firewall]
    • Targeted attacks
    • Cisco
    • Concluding Remarks