Cisco TEC: Chris Young - Security Intelligence Operations
Presentation Transcript

    • Cisco Innovation: Security Intelligence Operations (SIO). Chris Young, SVP, Security & Government; Lee Jones, Principal Engineer, Security Applications. Technical Editors Day, May 24, 2012. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential.
    • Timeline, 1990 to 2010 (milestones as extracted, order on the slide not recoverable): 1st Router Integrated Security; 1st Dual-Mode VPN Client; Launch SecureX Strategy; 1st Switch Security Blade; SaaS Leader; Cybercriminals Capitalize on Disaster; Reputation Engine Pioneer; Identity Services Engine; NAC Pioneer.
    • Collaboration, Mobility, Cloud, The Network, Security, Threat Landscape.
    • Four pillars and the layers beneath them:
      • Secure Access: Enabling Endpoint Transformation
      • Unified Threat Defense: Protecting Network Edges
      • Application Visibility & Control: Authorizing Content Usage
      • Virtualization & Cloud: Securing Cloud Transition
      • Threat Intelligence (Visibility); Contextual Policy Management; Network (Enforcement); Services (TS, AS, Partner); Ecosystem (Partners & Providers); Compliance (GRC)
    • Detect Accurately. Protect Holistically. Adapt Continuously.
    • SIO components: SensorBase; Threat Operations Center; Dynamic Updates.
    • SensorBase:
      • 75 TB data received per day
      • 1.6M globally deployed devices
      • 13B web requests
      • 150M globally deployed endpoints
      • 35% of worldwide email traffic
    • Threat Operations Center:
      • $100M spent in dynamic research and development
      • 24x7x365 operations
      • 600 engineers, technicians and researchers
      • 40+ languages
      • 80+ Ph.D.s, CCIEs, CISSPs, MCSEs
    • Dynamic Updates:
      • 3 to 5 minute updates
      • 5,500+ IPS signatures produced
      • 70 publications produced
      • 200 parameters tracked
      • 8M rules per day
    • Attack types fed through SensorBase, the Threat Operations Center and Dynamic Updates: Spam with Malicious Attachment; Malware Distributing Site; Directed Attack.
    • Competitors (content only) versus Cisco SIO (content + context), detection timeline marked at 9:25am, 9:45am and 10:30am.
    • SIO feeds Content Security (WSA/ESA) and Network Security (IPS/ASA); phishing email reaches users through both.
    • Internal & 3rd Party Feeds. Best of the threat intelligence ecosystem:
      • Visibility into criminal networks
      • Leading AV scanners
      • ISPs, hosting providers, registrars, etc.
      Haiti Spear Phishing: the same infrastructure was used for other attacks.
    • Depth of SensorBase:
      • Visibility into the widest threat telemetry database in the industry
      • Sensors in network security infrastructure and endpoints
      • History of domain registration
      • Information across web, email and IPS/ASA
      Haiti Spear Phishing: spike in spear phishing volume and malicious web traffic.
    • Reputation:
      • Determine risk of zero-day threats through a web of connections
      • Global data correlation across source IP, hosts, registrars and more
      Haiti Spear Phishing: reputation filters tripped early, preventing the mutating threat from gaining traction.
    • Change is constant: blended attacks, multiple vectors, sophisticated, persistent, evolving. What changes: signatures, domains, hosts, registrars, content. Block at the connection level with content and context, no matter when an attack comes in or through which avenue.
    • SIO components revisited: SensorBase; Threat Operations Center; Dynamic Updates.
    • PDF structure: Header, Body of Objects, Cross-Ref Table, Trailer. AV scanners scan the file; based on industry-leading signatures, it is a clean file.
    • After inspection we find: Security Feeds; Geolocation; Registrant Info; Registrar; Traffic Volume and Age; Sensor Info.
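The verdict logic the reputation slides describe (a signature-clean file or host still blocked at the connection level because its context is bad, and infrastructure reused from an earlier attack inheriting that attack's reputation), as an added Python example. This is not Cisco's code and makes no claim about how SIO scores internally; the signal names, weights, threshold and sample hosts are all constructed assumptions for illustration.

```python
"""Toy content + context reputation engine (added example, not Cisco code).

Signals mirror the slide's inspection list: security feeds, geolocation,
registrant/registrar, traffic volume and age, sensor info. Weights and the
block threshold are assumptions chosen for the demo, not SIO's values.
"""
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, Set


@dataclass
class HostContext:
    host: str
    source_ip: str
    registrar: str
    registered_on: date      # from domain registration history
    daily_requests: int      # traffic volume observed by sensors
    sensor_reports: int      # deployed sensors that reported the host as malicious
    feed_hits: int           # matches in internal / 3rd-party threat feeds
    country: str             # geolocation of the serving IP (informational here)


@dataclass
class ReputationEngine:
    known_bad_ips: Set[str] = field(default_factory=set)
    known_bad_registrars: Set[str] = field(default_factory=set)
    block_threshold: int = 60   # assumed cut-off on a 0..100 risk score

    def score(self, ctx: HostContext, today: date) -> int:
        """Risk score, higher is worse. All weights are illustrative assumptions."""
        s = 0
        age_days = (today - ctx.registered_on).days
        if age_days < 7:            # very young domain: typical of throwaway phishing infrastructure
            s += 35
        elif age_days < 30:
            s += 15
        if ctx.daily_requests < 100:  # little traffic history, nothing vouches for the host
            s += 10
        s += min(ctx.sensor_reports, 5) * 8
        s += min(ctx.feed_hits, 3) * 10
        # "Web of connections": infrastructure shared with earlier attacks inherits risk.
        if ctx.source_ip in self.known_bad_ips:
            s += 30
        if ctx.registrar in self.known_bad_registrars:
            s += 10
        return min(s, 100)

    def content_only_verdict(self, signature_hit: bool) -> str:
        """What a content-only scanner decides: block only on a signature match."""
        return "block" if signature_hit else "allow"

    def context_verdict(self, signature_hit: bool, ctx: HostContext, today: date) -> str:
        """Content + context: a clean signature scan does not override bad reputation."""
        if signature_hit or self.score(ctx, today) >= self.block_threshold:
            return "block"
        return "allow"

    def learn(self, ctx: HostContext) -> None:
        """Once a host is confirmed malicious, remember its infrastructure so that
        the next campaign on the same IP is blocked before any signature exists."""
        self.known_bad_ips.add(ctx.source_ip)


# Constructed sample hosts (assumptions; RFC 5737 documentation addresses).
TODAY = date(2012, 5, 24)
LEGIT = HostContext("updates.example.com", "203.0.113.10", "RegistrarA",
                    date(2005, 3, 1), 50_000, 0, 0, "US")
WAVE1 = HostContext("haiti-relief-donate.example", "198.51.100.7", "RegistrarB",
                    date(2012, 5, 20), 12, 2, 0, "XX")
WAVE2 = HostContext("haiti-quake-help.example", "198.51.100.7", "RegistrarB",
                    date(2012, 5, 23), 3, 0, 0, "XX")


def demo() -> Dict[str, str]:
    """Walk through the two-wave spear-phishing scenario; signatures find nothing."""
    engine = ReputationEngine()
    out = {
        "legit": engine.context_verdict(False, LEGIT, TODAY),
        "wave1_content_only": engine.content_only_verdict(False),
        "wave1": engine.context_verdict(False, WAVE1, TODAY),
        "wave2_before_learning": engine.context_verdict(False, WAVE2, TODAY),
    }
    engine.learn(WAVE1)   # wave 1 confirmed malicious: its IP is now known bad
    out["wave2_after_learning"] = engine.context_verdict(False, WAVE2, TODAY)
    return out


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The second wave scores 45 on its own (young domain, almost no traffic) and would be allowed; sharing a source IP with the already-confirmed first wave pushes it over the threshold, which is the "same infrastructure was used for other attacks" point from the Haiti example. A real engine would also decay scores and weigh feed quality, which this sketch omits.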