Cisco tec chris young - security intelligence operations


  1. Cisco Innovation. Security Intelligence Operations (SIO). Chris Young, SVP, Security & Government; Lee Jones, Principal Engineer, Security Applications. Technical Editors Day, May 24, 2012. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential.
  2. 1st Router Integrated 1st Dual-Mode VPN Launch SecureX Security Client Strategy 1st Switch Security Blade SaaS Leader Cybercriminals Capitalize on Disaster 1990 2000 2010 Reputation Identity Services Pioneer Engine NAC Pioneer
  3. COLLABORATION MOBILITY CLOUD THE NETWORK SECURITY THREAT LANDSCAPE
  8. Secure Unified Threat Application Virtualization Access Defense Visibility & Control & Cloud Enabling Protecting Authorizing Securing Endpoint Network Content Cloud Transformation Edges Usage Transition Threat Intelligence (Visibility) Contextual Policy Management Network (Enforcement) Services (TS, AS, Partner) Ecosystem (Partners & Providers) Compliance (GRC)
  9. Detect Protect Adapt Accurately Holistically Continuously
  10. SensorBase, Threat Operations Center, Dynamic Updates
  11. 75 TB DATA RECEIVED PER DAY; 1.6M GLOBALLY DEPLOYED DEVICES; 13B WEB REQUESTS; 150M GLOBALLY DEPLOYED ENDPOINTS; 35% WORLDWIDE EMAIL TRAFFIC. SensorBase, Threat Operations Center, Dynamic Updates
  12. $100M SPENT IN DYNAMIC RESEARCH 24x7x365 OPERATIONS AND DEVELOPMENT 600 ENGINEERS, TECHNICIANS 40+ LANGUAGES 80+ Ph.D.s, CCIE, CISSPs, MSCEs AND RESEARCHERS Threat Operations Center
  13. 3 to 5 MINUTE UPDATES; 5,500+ IPS SIGNATURES PRODUCED; 70 PUBLICATIONS PRODUCED; 200 PARAMETERS TRACKED; 8M RULES per DAY. Dynamic Updates
  14. Spam with Malware Directed Malicious Attachment Distributing Site Attack. SensorBase, Threat Operations Center, Dynamic Updates
  15. Competitors Content Only 9:25am 9:45am 10:30am Content + Context Cisco SIO
  16. SIO Content Security (WSA/ESA) Network Security Phishing (IPS/ASA) Email Users
  17. Internal & 3rd Party Feeds • Best of the threat intelligence ecosystem: • Visibility into criminal networks • Leading AV Scanners Haiti Spear Phishing • ISPs, Hosting Providers, Registrars, etc. Same infrastructure was used for other attacks
  18. Depth of SensorBase • Visibility into the widest threat telemetry database in the industry • Sensors in network security infrastructure and endpoints • History of domain registration Haiti Spear Phishing • Information across web, email and IPS/ASA Spike in spear phishing volume and malicious web traffic
  19. Reputation • Determine risk of zero-day threats through a web of connections • Global data correlation across: • Source IP Haiti Spear Phishing • Hosts • Registrars and more Reputation filters tripped early, preventing the mutating threat from gaining traction
  20. Change is constant: Blended attacks Signatures Multiple vectors Domains Sophisticated Hosts Persistent Registrars Evolving Content Block at the connection level with content and context. No matter when an attack comes in through any avenue
  21. SensorBase, Threat Operations Center, Dynamic Updates
  23. Header, Body of Objects, Cross-Ref Table, Trailer. AV Scanners scan the file. Based on industry-leading signatures, it is a clean file
  24. After inspection we find • Security Feeds • Geolocation • Registrant Info • Registrar • Traffic Volume and Age • Sensor Info