Story Tweedie-Yates
Product Marketing Manager – Cisco Web Security
February 16, 2016
Cisco Web and Email Security Overview
The top two attack vectors for malware are email and web browsers. Watering-hole attacks conceal malware on member-based sites and phishing scams can target individuals with personal details. This PPT describes a different security approach to protect against these threats while achieving business growth, efficiency and lowered expenses. The presentation features Cisco Email, Web and Cloud Web Security and covers basic features, offers, benefits, newest features and product integrations. Watch the webinar: http://cs.co/9004BGqvy
  1. Protection for the top two attack vectors – Cisco Web and Email Security
  2. Agenda: Top 2 attack vectors; Threats from a user’s perspective; Before, during and after: a security framework; Cisco Web and Email Security tour; Demos; Get Started
  3. Top 2 Attack Vectors
  4. Exposure – web blocks. Daily web breakdown: 82,000 virus blocks, 181 million spyware blocks, 818 million web blocks. Total threats blocked: 19.7 billion daily, 7.2 trillion yearly.
  5. Exposure – email blocks
  6. Large Attack Surface
  7. Attack surface – email. Attackers have a growing appetite to leverage targeted phishing campaigns. Example: snowshoe spam attack, with spam up 250%.
  8. Attack surface – web browsers. More than 85% of the companies studied were affected each month by malicious browser extensions.
  9. Attack surface – user error on web. Users are becoming complicit enablers of attacks: untrustworthy sources, clickfraud and adware, outdated browsers. Only 10% of Internet Explorer requests, versus 64% of Chrome requests, were running the latest browser version.
  10. Attack surface – web applications. Attackers are shifting attack vectors across Java, Silverlight, PDF and Flash: Java exploits down 34%, Silverlight up 228%, PDF and Flash steady (log volume, 2015 Cisco Annual Security Report).
  11. Attack surface – web protocol. Encrypted traffic is increasing and now represents over 50% of bytes transferred, driven by individual privacy, government compliance and organizational security. The growing trend of web encryption creates a false sense of security and blind spots for defenders: with HTTPS, the URL path, the request and response bodies and any downloaded file are invisible to an inspection point that does not decrypt the session, so only the destination host remains in view.
  12. Low Barriers to Entry
  13. Compromising without clicking. Attackers: malvertising is on the rise, and low-volume (“low-limit”) exfiltration makes infection hard to detect. In October 2014 there was a spike of 250%.
  14. Exploit kit payloads, e.g. CryptoWall version 4 (CryptoWall is the ransomware delivered, not the kit itself): notorious ransomware; version 1 first seen in 2014; distributed via exploit kits and phishing emails; fast evolution (CryptoWall 4.0).
  15. Threats from a user’s perspective
  16. Web and email are portable: mobile, coffee shop, corporate, home, airport.
  17. Sample attack: Joe CFO, waiting for his plane. Meet Joe. He is heading home for a well-deserved vacation. He’s catching up on email using the airport Wi-Fi while he waits for his flight.
  18. Sample attack: Joe CFO checks his email. Joe just got an email from his vacation resort: “Your Tropical Getaway. Joe, Thank you for choosing us. We look forward to seeing you. Before your arrival, please verify your information here: www.vacationresort.com. Best, Resort Team”
  19. Sample attack: Joe CFO instinctively clicks on the link. No problem, right? Everything looks normal. The site may even be a trusted site, or maybe a site that is newly minted.
  20. Sample attack: Joe is now infected. Joe opens the link and the resort video plays. Although he doesn’t know it, Joe’s machine has been compromised by a Silverlight-based video exploit. The malware now starts to harvest Joe’s confidential information: passwords, credentials, company access authorizations.
  21. Today’s cyber-threat reality: hackers will likely command and control your environment via the web; you’ll most likely be infected via email; your environment will get breached.
  22. Before, during and after: a security framework
  23. The Attack Continuum, across network, endpoint, mobile, virtual and cloud, with point-in-time and continuous threat intelligence. BEFORE: discover, enforce, harden. DURING: detect, block, defend. AFTER: scope, contain, remediate.
  24. Cisco Web Security (before, during and after). Key: CWS only, WSA/WSAv only, Hybrid (CWS + WSA). Capabilities: Web Filtering, Web Reputation, Application Visibility & Control, Anti-Malware, File Reputation, File Sandboxing, File Retrospection, Cognitive Threat Analytics, DLP Integration; after an outbreak: Outbreak Intelligence, Reporting, Log Extraction, Management. Verdicts: Allow, Warn, Block, Partial Block. Traffic redirection methods: WCCP, ASA, load balancer, PBR, ISR G2, ISR 4k, AnyConnect, Explicit/PAC. Covered locations: HQ, campus office, branch office, roaming user, BYOD user. Client authentication methods; threat intelligence from Talos.
  25. Cisco Email Security (before, during and after), deployed as a Cisco appliance, a virtual appliance or in the cloud, fed by Talos. Inbound email: Email Reputation and Acceptance Controls, Mail Flow Policies, Anti-Spam, Anti-Virus, Outbreak Filters, File Reputation, File Sandboxing & Retrospection (Threat Grid), Anti-Phish (URL reputation and categorization, tracking user click activity), Graymail Management with Safe Unsubscribe. Outbound email: Data Loss Protection, Encryption, Cloud Content Controls, Outbound Liability. Verdicts: Allow, Warn, Block, Partial Block. Reporting, Message Tracking and Management.
  26. Talos: before, during and after. Cisco® Talos threat intelligence, research and response feeds ESA/WSA/CWS, endpoints, networks and IPS devices. Inputs: 1.1 million file samples per day; the AMP community; advanced Microsoft and industry disclosures; the Snort and ClamAV open source communities; AMP Threat Grid intelligence; the AEGIS™ program; private and public threat feeds; 10 million files per month of AMP Threat Grid dynamic analysis. Scale: 1.6 million global sensors; 100 TB of data received per day; 150 million+ deployed endpoints; 600+ engineers, technicians and researchers; 35% of worldwide email traffic; 13 billion web requests; 24x7x365 operations; 40+ languages.
  27. Cisco Web and Email Security tour
  28. Feature Tour Map: Complete Solution, Pervasive, Continuous, Always On. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential.
  29. Strategic Imperatives, across endpoint, network, mobile, virtual and cloud. Visibility-Driven: network-integrated, broad sensor base, context and automation. Threat-Focused: continuous advanced threat protection, cloud-based security intelligence. Platform-Based: agile and open platforms, built for scale, consistent control, management.
  30. Email and Web Security new feature tour map. Products: Cloud Web Security (CWS), Web Security Appliance (WSA), Email Security Appliance (ESA), Cloud Email Security (CES). Features, grouped as Visibility-Driven, Threat Focused and Platform Based: Cognitive Threat Analytics, Web Interaction Tracking, Anti-snowshoe, Unified Reporting/Policy, Graymail, X90 hardware, ISE Integration, Hybrid Email, GUI, Mobile Browser, ISR 4k Connector, Zix Encryption.
  31. Visibility Driven
  32. CWS Mobile Browser (diagram: Internet, MDM solution, ScanCenter policy, CWS).
  33. Identity Services Engine Integration, extending user identity and context (available only on WSA). Acquires important context and identity from the network; monitors and provides visibility into unauthorized access; provides differentiated access to the network. Cisco TrustSec® provides segmentation throughout the network; the Cisco Web Security Appliance provides web security and policy enforcement; the Cisco® Identity Services Engine provides a consistent secure access policy. Example contexts (who / what / where): Guest on an iPad in the office, Doctor on an iPad in the office, Doctor on a laptop in the office, each mapped to the Internet, the internal employee intranet or confidential patient records.
  34. Get the intelligence you need: over 10,000 report variations, customizable dashboards, 70+ pre-defined reports. Quick analysis: high-level overview with customizable widgets; one-click drill down into widgets; customized login screen for each admin.
  35. Web Interaction Tracking: enabling tracking of URLs rewritten by policy. Potentially malicious URLs clicked by users (User A, User B, User C across App 1 to App 7) are filtered and monitored from a single pane of glass. Example records: Rewritten URL 2asyncfs.com, click time 09:23:25 12 Jan 2015, re-write reason Outbreak, action taken Blocked; Rewritten URL 5asynxsf.com, click time 11:01:13 09 Mar 2015, re-write reason Policy, action taken Allowed; Rewritten URL 8esynttp.com, click time 16:17:44 15 Jun 2015, re-write reason Outbreak, action taken Blocked.
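The mechanism behind slide 35, as an added example that is not Cisco’s code: at delivery every URL in a message is rewritten to point at a click gateway, carrying the original URL in a signed token together with the re-write reason, and the verdict is made at click time against the reputation data current at that moment, so a link that was clean when the mail arrived but is part of an outbreak when the user clicks is still blocked. The gateway host, the signing key, the message body and the reputation table are all constructed for the example.

```python
import base64
import hashlib
import hmac
import re
from urllib.parse import parse_qs, urlencode, urlsplit

GATEWAY = "https://click.gateway.invalid/t"  # constructed click-tracking gateway
SECRET = b"gateway-signing-key-rotate-me"    # hypothetical key held only by the gateway
URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed message body modelled on the slide-18 lure (hosts are .invalid on purpose).
MESSAGE = """Joe,
Thank you for choosing us. Before your arrival, please verify your
information here: http://www.vacationresort.invalid/verify
Resort photos: https://www.example.com/gallery
Best, Resort Team
"""

# Constructed reputation table as it looks at click time: the lure host has
# joined an outbreak since delivery, so the click-time verdict differs.
CLICK_TIME_REPUTATION = {"www.example.com": "clean",
                         "www.vacationresort.invalid": "outbreak"}


def _sign(token: str, reason: str) -> str:
    """HMAC over token and reason so neither can be altered after rewriting."""
    return hmac.new(SECRET, f"{token}|{reason}".encode(), hashlib.sha256).hexdigest()


def rewrite_url(url: str, reason: str) -> str:
    """Wrap one URL: the original goes into a base64url token, the reason stays
    in the clear for reporting, and the signature covers both."""
    token = base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")
    return f"{GATEWAY}?{urlencode({'u': token, 'r': reason, 's': _sign(token, reason)})}"


def rewrite_message(body: str, outbreak_hosts: set) -> str:
    """Delivery time: rewrite every URL; reason is 'Outbreak' if the host already
    matches an outbreak filter, otherwise the blanket 'Policy'."""
    def repl(match):
        url = match.group(0)
        host = urlsplit(url).hostname or ""
        return rewrite_url(url, "Outbreak" if host in outbreak_hosts else "Policy")
    return URL_RE.sub(repl, body)


def handle_click(rewritten: str, reputation: dict, click_time: str) -> dict:
    """Gateway side, click time: verify the token, decide with the reputation
    table as it is *now*, and return the tracking record for the report."""
    q = parse_qs(urlsplit(rewritten).query)
    token = q.get("u", [""])[0]
    reason = q.get("r", [""])[0]
    sig = q.get("s", [""])[0]
    record = {"rewritten_url": rewritten, "click_time": click_time,
              "rewrite_reason": reason}
    if not hmac.compare_digest(sig, _sign(token, reason)):
        record.update(action="Blocked", detail="bad signature")  # tampered link
        return record
    original = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4)).decode()
    host = urlsplit(original).hostname or ""
    verdict = reputation.get(host, "unknown")  # unknown hosts fail closed
    record.update(original_url=original, verdict=verdict,
                  action="Allowed" if verdict == "clean" else "Blocked")
    return record


if __name__ == "__main__":
    delivered = rewrite_message(MESSAGE, outbreak_hosts=set())  # nothing known at delivery
    for link in URL_RE.findall(delivered):
        print(handle_click(link, CLICK_TIME_REPUTATION, "2016-02-16T09:23:25Z"))
```

The signature is what keeps the gateway from becoming an open redirector: without it anyone could mint a gateway link to an arbitrary site, and with the reason inside the signed payload a recipient cannot downgrade an “Outbreak” rewrite to a “Policy” one. Hosts absent from the reputation table are blocked rather than allowed, which is the safer default for a click-time check.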
  36. Threat Focused
  37. Here’s an example of how CTA works. Near real-time processing: 10B HTTP(S) requests per day are run through classifiers (A, H, K, M, X, Z) and grouped into clusters; +/- 1% is anomalous, giving 10M events per day, which pass through anomaly detection, trust modeling, classification, entity modeling and relationship modeling to yield 1K–50K incidents per day, reported as DETECTED threats (unique) and CONFIRMED threats (spanning multiple users).
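The pipeline on slide 37 is described only at the block-diagram level. What follows is an added example, not Cisco’s CTA code, of the same shape of analysis over a constructed proxy log: per (user, destination) features, an anomaly rule for periodic beaconing, a trust signal from how many users in the organization contact the destination, and a relationship step that promotes a detection to “confirmed” when it spans several users. The log format, the hostnames and the thresholds are assumptions made for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed proxy log, one request per line: "<epoch> <user> <dest host> <bytes> <status>".
# alice and bob beacon every 60 s to the same rare host, carol every 120 s to another;
# everyone browses two popular hosts at irregular times.
SAMPLE_LOG = """\
1452600000 alice update-check.invalid 312 200
1452600061 alice update-check.invalid 312 200
1452600119 alice update-check.invalid 312 200
1452600180 alice update-check.invalid 312 200
1452600241 alice update-check.invalid 312 200
1452600010 bob update-check.invalid 312 200
1452600070 bob update-check.invalid 312 200
1452600130 bob update-check.invalid 312 200
1452600190 bob update-check.invalid 312 200
1452600250 bob update-check.invalid 312 200
1452601000 carol telemetry.invalid 540 200
1452601120 carol telemetry.invalid 540 200
1452601240 carol telemetry.invalid 540 200
1452601360 carol telemetry.invalid 540 200
1452601480 carol telemetry.invalid 540 200
1452600005 alice www.example.com 18231 200
1452600400 alice www.example.com 9120 200
1452600006 alice cdn.example.com 51200 200
1452600020 bob www.example.com 7711 200
1452600030 carol www.example.com 18231 200
1452600300 carol www.example.com 4510 304
1452600032 carol cdn.example.com 51200 200
1452600900 dave www.example.com 18231 200
1452600901 dave cdn.example.com 51200 200
1452600700 erin www.example.com 18231 200
"""


def parse_log(text):
    """Turn the constructed log into (ts, user, host, bytes, status) tuples."""
    records = []
    for line in text.splitlines():
        if line.strip():
            ts, user, host, nbytes, status = line.split()
            records.append((int(ts), user, host, int(nbytes), int(status)))
    return records


def host_features(records):
    """Per (user, host): request count, coefficient of variation of the
    inter-request gaps (0 = perfectly periodic, None if fewer than 2 gaps) and
    the share of all users that contacted the host (low share = rare, low trust)."""
    times = defaultdict(list)
    users_per_host = defaultdict(set)
    all_users = set()
    for ts, user, host, _, _ in records:
        times[(user, host)].append(ts)
        users_per_host[host].add(user)
        all_users.add(user)
    feats = {}
    for (user, host), ts_list in times.items():
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        cv = None
        if len(gaps) >= 2 and mean(gaps) > 0:
            cv = pstdev(gaps) / mean(gaps)
        feats[(user, host)] = {"n": len(ts_list), "cv": cv,
                               "user_share": len(users_per_host[host]) / len(all_users)}
    return feats


def detect(records, min_requests=5, max_cv=0.1, max_user_share=0.5):
    """Anomaly detection plus trust modeling: a (user, host) pair is flagged when
    it beacons with a near-constant period to a host few users in the org visit."""
    hits = []
    for (user, host), f in host_features(records).items():
        periodic = f["n"] >= min_requests and f["cv"] is not None and f["cv"] <= max_cv
        if periodic and f["user_share"] <= max_user_share:
            hits.append((user, host))
    return sorted(hits)


def confirm(detected, min_users=2):
    """Relationship modeling: a host flagged for >= min_users distinct users is
    CONFIRMED; a host flagged for a single user stays DETECTED (unique)."""
    users_by_host = defaultdict(set)
    for user, host in detected:
        users_by_host[host].add(user)
    confirmed = {h for h, us in users_by_host.items() if len(us) >= min_users}
    return confirmed, set(users_by_host) - confirmed


def analyze(log_text, **thresholds):
    """Run the whole pipeline and return the two report buckets from the slide."""
    hits = detect(parse_log(log_text), **thresholds)
    confirmed, unique = confirm(hits)
    return {"detected": hits, "confirmed": sorted(confirmed), "unique": sorted(unique)}


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

On the constructed log the two 60-second beacons to the same rare host are promoted to a confirmed threat, while carol’s lone 120-second beacon is reported as a unique detection; the popular hosts never qualify because they are either irregular or contacted by most of the organization. Tightening `max_user_share` drops the two-user host and keeps only the single-user one, which is the trust signal doing its work.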
  38. Graymail management. Incoming mail passes the reputation filter, anti-spam, anti-virus and Advanced Malware Protection, then graymail detection returns a verdict: bulk, social network or marketing. Actions: block, quarantine, or add a safe unsubscribe link. From quarantine: whitelist (allow sender), blacklist (block sender), release (safe unsubscribe).
  39. Anti-Snowshoe Enhancements: enhanced contextual awareness for the anti-spam engine, with unique cloud-based Bayesian learning; increased automation and auto-classification of emails for faster response; global expansion of sensor coverage for early visibility. “Building on the multi-layer defense strategy for effective protection against snowshoe spam.”
  40. Platform Based
  41. Unified Reporting and Unified Policies: one graphical user interface and one Web Security Reporting Application give unified reporting and policy management across Cloud Web Security and WSA, covering HQ and roaming users.
  42. Hybrid Email
  43. Email Encryption: Zix Gateway with Cisco Technology. Automate encryption for employees; automate delivery to the most secure, most convenient method; exchange encrypted email transparently; provide the optimal mobile experience.
  44. New Web and Email Security hardware platform on Cisco Unified Computing System (Cisco UCS): 190, 390, 690.
  45. New Hardware Platforms. Web Security Appliance: WSA-S170, WSA-S380, WSA-S680 and the new WSA-S190, WSA-S390, WSA-S690. Security Management Appliance: SMA-M170, SMA-M380, SMA-M680 and the new SMA-M190, SMA-M390, SMA-M690. Performance = increased memory + raw disk storage capacity + central processing units (CPUs).
  46. Backhauling branch traffic to headquarters before it reaches the Internet costs money ($$$). Save money on bandwidth in your branch with Direct Internet Access from the ISR 4k, using GRE over IPsec.
  47. Cisco Web and Email Security roadmap (Visibility Driven, Threat Focused, Platform Based). Recent releases: Email Web Interaction Tracking; Email Graymail Management; WSA with CTA; ZCT Email Encryption; WSA and CWS Unified Policy; Email and Web Appliance New Hardware; CWS Mobile Browser; Hybrid Email. Current projects: Email DLP; Auto-remediation for O365 (Email); Threat Grid Integration (CWS); Hybrid Web Security. Future: Chromebook Support (CWS); HTTP 2.0 (WSA); Email Shortlinks; Integration with Firepower Management Center (WSA). Many of the products and features described herein remain in varying stages of development and will be offered on a when-and-if-available basis. This roadmap is subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth in this document.
  48. Demos: New CWS GUI, CTA, Email Innovations
  49. Web security customer requirements: large amounts of HTTPS traffic; detailed web and HR reporting; need for deep inspection and control with AVC. (Diagram: login prompt, corporate network, proxy, roaming user, HTTPS.)
  50. Get Started Today with Cisco: (1) learn more on the website; (2) see and share what’s new; (3) ask for your free trial.