Cisco Connect 2018 - Vietnam

1. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Brian Cotaz
Consulting Systems Engineer
bcotaz@cisco.com
Cybersecurity Strategy:
An Integrated Approach

4. Can anyone guess what year this is?

5. 12 gflops 142 gflops
Deep Blue

6. Year 1986

7. 25 years later..

8. Cryptolocker Ransomware 2014

9. Cryptolocker Ransomware: $30 Million in Ransom

10. Cryptolocker and Operation Tovar: June 2,2014

11. After 3 days..

12. After 3 days..

13. After 1 month..

14. 1.5 Years later, now on version 4!

15. Even the best of the best gets hacked..

16. Toilet
Urinal
Stall
Door
The checklist mentality

17. Are we secure yet?

18. False sense of security

20. Time
ResponseDetectionThreat
Is my security posture effective?

21. UTM
Network
Analytics
Advanced Malware
Secure Internet Gateway
WebW W W
Policy and Access
Email
NGFW/ NGIPS
Cloud Access Security
Best of Breed Portfolio

22. 1.6M19.7BDaily Security Intelligence
Daily Threats Blocked
Deployed Security Devices
Daily Malware
Sandbox Reports
120TB
Security
Intelligence
1.6M
Deployed
Devices
19.7B
Threats
Blocked
150,000
Micro-
applications
1,000
Applications
93B
Daily Email
Messages
35%
Enterprise
Email
13B
Web
Requests
150M
Deployed
Endpoints
3-5
min
Updates
Cisco Security Intelligence
Global Visibility
Global Footprint
5B
Daily Email
Connections
4.5B
Daily Email
Blocks
14M
Deployed
Access
Gateway
75,000
FireAMP
Updates
6,000
New Clam
AV Sigs
1.1M
Sandbox
Reports
World Class Threat Intelligence

23. Network
ISR/ASR
Advanced
Malware
Umbrella
Web
W W W
ISE
Email
NGFW/
NGIPS
Threat Grid
Stealthwatch
Event
Threat Intel
Policy
Context
Meraki
Cloudlock
Integrated Architecture

24. Network
ISR/ASR
Advanced
Malware
Umbrella
Web
W W W
ISE
Email
NGFW/
NGIPS
Threat Grid
Stealthwatch
Event
Threat Intel
Policy
Context
Meraki
Cloudlock
Integrated Architecture

25. Rapid Threat Containment (RTC)
With Firepower Management Center (FMC) and ISE
Initial compromise Detection
Protect critical data, by stopping attacks faster, based on real-time threat intelligence
Internet
Enterprise
Network
Monetize theft
Time To Detection (TTD): 100-200 days - http://bit.ly/cisco-asr-2016Problem
Infection spread
Data hoarding
Data exfiltration
100 – 200 days Initial compromise Containment
Internet
Solution
PxGrid
Enterprise
Network
Sensor
- AMP/
- NGIPS/
- ASA
(wFirePOWER)
EPS: Quarantine
(over PxGrid)
COA
Minutes
FMC
ISE
TrustSec
segmentation
Rapid Threat Containment

26. Network
ISR/ASR
Advanced
Malware
Umbrella
Web
W W W
ISE
Email
NGFW/
NGIPS
Threat Grid
Stealthwatch
Event
Threat Intel
Policy
Context
Meraki
Cloudlock
Integrated Architecture
Detect the C&C
Which File could it
be coming from?
And what does it
do?

27. 27
Umbrella and Threatgrid Integration

28. 28
Backup Slide: Umbrella and Threatgrid Integration
C&C
File
Hash

29. 29
Backup Slide: Umbrella and Threatgrid Integration
File
Analysis
Report

30. Network
ISR/ASR
Advanced
Malware
Umbrella
Web
W W W
ISE
Email
NGFW/
NGIPS
Threat Grid
Stealthwatch
Event
Threat Intel
Policy
Context
Meraki
Cloudlock
Integrated Architecture
Detect the C&C
Who else is
infected?
Which File could it
be coming from?
And what does it
do?

31. 31
AMP Visibility Interface

32. 32
Backup Slide: AMP Visibility

33. 33
Backup Slide: AMP Visibility

34. Summary
• Threats has become more
sophisticated
• We cannot solve this problem using
point product approach
• It will only increase complexity
• Cisco Security Approach
• Best of Breed Portfolio
• Integrated Architecture