Cisco Connect 2018 Indonesia - Cybersecurity Strategy

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cybersecurity Strategy: An Integrated Approach
Arief Santoso
Cyber Security Specialist, GSSO
April 2018

CISCO CONNECT 2018 . IT’S ALL YOU
Today’s Network Security Environment Is Complex

The Security Effectiveness Gap
Incremental Capabilities vs. Mountains of Complexity
The average enterprise is
using 50 or more security
products to protect its
environment
Imagine trying to
operationalize that many
components

What’s the Implication?
The Security Effectiveness Gap

Can You Guess What This Represents?

A Silver Bullet Does Not Exist!

Source: Internetworldstats.com

Indonesia – Internet Security Survey 2017 (APJII)

Promoting Cybersecurity Best Practices
People Process Technology
Framework covers all three

Cisco Cyber Security Value proposition
• Before-During-After
attack continuum
• Secure Architecture
Framework SAFE &
threat centric CVD
• Cisco Security
Technical Alliance
Threat
Centric
• Security Trust Org
• Government Affairs
• TALOS
• CSIRT
Collective Sec
Intelligence
Threat Centric approach with integrated Solutions & Services
Security
Services
• Advisory
• Assessment
• Arch & design
• Strategy
• Integration
• Integrate
• Migrate
• Optimize
• Managed
• Hosted
• managed
StealthWatch
TrustSec
NGFW
NGIPS
OpenDNS
AMP
FireSIGHT
AnyConnect
Integrated
Solutions
ASA
FirePower
ACI
APIC EM
Umbrella

Cisco’s Threat Centric Security Model
Attack Continuum
Before
Discover
Enforce
Harden
During
Detect
Block
Defend
After
Scope
Contain
Remediate
Network Endpoint Mobile Virtual Cloud Email and Web
Point in Time Continuous

Cisco’s Threat Centric Security Model
Aligning with the Framework Core
During
Detect
Block
Defend
After
Scope
Contain
Remediate
Identify
Before
Discover
Enforce
Harden
Protect Detect Respond Recover

Security Advisory Services
Security
Segmentation
High-Level Designs &
Strategy
Board and
Executives
Reporting & Metrics
Penetration Testing
Web, Mobile & Binary
Application
Assessments
Application and
Software Design; Cloud
Application
Cloud & Mobile
Strategy
Strategy Workshops
& Assessments
Incident Response
Emergency & Retainer
Proactive Services
Planning, Proactive
Threat Hunting & Table-
top Exercises
Red Team/Blue Team
Scenario based testing
Development
Code Review and
Threat Modeling
1. Strategy
2. Risk &
Compliance
3. Network
Security
4. Application
Security
5. Physical
&
Operational
6. Threat
Management
Information Security
Risk Assessments and
Program Development,
GDPR
Third Party
Due Diligence, Risk
Assessments
Compliance
PCI Readiness
Assessments, Health
Checks & Scanning,
ISO 27001
Penetration Testing
External and Internal
Network; Wireless
Network
Assessments
Network Architecture,
Vulnerability, Breakout
Infrastructure
Assessments
Cellular, VPN, VoIP
and Telephony
Security
Operations
Plan, Design and
Operate
Assessments
Voice & Email Phishing,
Device/Hardware
Development
Secure Developer
Training, DevOps
Assessment, Digital
Profiling

Source: https://www.nist.gov/itl/applied-cybersecurity/nice/about

End-to-End “Kill Chain” Defense
Infrastructure

The Cisco Security Architecture
Our Position AND the Reason We’re Here Today
Our Security Approach is Unique
• Integrate across the Cisco Security
suite of products
• Consolidate to include key vendor
• Automate detection and remediation

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
The Power of Context

Poor Visibility
Network with Only Perimeter Visibility
192.168.19.3
10.85.232.4
10.4.51.5
192.168.132.99
10.43.223.221
10.200.21.110
10.51.51.0/24
10.51.52.0/24
10.51.53.0/24
Internet
Many devices in your network
without visibility
Visibility available for traffic
transiting through perimeter

Insider Threat
Enabling Visibility Inside the Network 192.168.19.3
10.85.232.4
10.4.51.5
192.168.132.99
10.43.223.221
10.200.21.110
10.51.51.0/24
10.51.52.0/24
10.51.53.0/24
Internet
Cryptic network addresses that
may change constantly
Difficult to manage policy
without any context

Ideal State
Context-Based Visibility and Control Employee
Employee
Supplier
Quarantine
Shared
Server
Server
High Risk
Segment
Internet
Network Fabric
Allowed Traffic
Denied Traffic
Clear understanding of traffic
flow with context
Easier to create & apply policy
based on such context

Context Is Everything
Poor context awareness Rich context awareness
RESULT RESULT
IP ADDRESS: 192.168.2.101
UNKNOWN
UNKNOWN
UNKNOWN
UNKNOWN
UNKNOWN
John Doe (EMPLOYEE)
Windows 10 Workstation
Bank Vault
4:30 AM EST on APR 27
Wired
NO THREATS / VULNERABILITIES
UNKNOWN KNOWN
ROLE BASED ACCESSACCESS TO IP (ANY DEVICE / USER)
?
?
?

Context Enables Intelligent Policy Decisions
Who: Guest
What: iPad
Where: Office
Who: Receptionist
What: iPad
Where: Office
Internet
Confidential
Patient Records
Internal
Employee
Intranet
Who: Doctor
What: Laptop
Where: Office
Implement Granular Control on
Traffic, Users, and Assets
Enforce Business Role policies for
All Network Services
and Decisions
Define Security Groups and
Access Policies Based
on Business Roles

- Sherlock Holmes
“The world is full of obvious things
which nobody by any chance
ever observes”

Where Do We Derive Context?
ICAP NETFLOW DHCPSPANNMAP PCAP
RADIUS DHCPDNS Active Directory LDAPSNMPQUERY
Log FilesSYSLOG Event Streamers STIX/TAXII
StealthwatchISESIEM
(Splunk)
FMC
Sources of Context
Consumers of Context

Incident Response Complexity
Visibility and Context Key to Response and Agility
Potential
Breach
Event!
Security
Event
Associate User
to Event
AAA
Logs
Associate User to
Authorization
IAM
Check Endpoint
Posture
NAC
Where is it on
the Network?
???
What Kind of
Device is it?
???
How Do I
Mitigate?
???
???
???
Too Many Screens Data Overload Missing correlation Time Consuming

You Can’t Protect What You Can’t See
The Network Gives Deep and Broad Visibility
0101
0100
1011
0101
0100
1011
0101
0100
1011
0101
0100
1011

StealthWatch System Overview
NetFlow / NBAR / NSEL
Network
Devices
StealthWatch
FlowCollector
• Collect and analyze
• Up to 4000 sources
• Up to 240,000 flows per
second (FPS) sustained
SPAN
StealthWatch
FlowSensor
Generate
NetFlow
Non-NetFlow-
Capable Device
• Management and reporting
• Up to 25 FlowCollectors
• Up to 6 million FPS globally
StealthWatch
Management
Console

StealthWatch System integration with ISE
pxGrid
Real-Time Visibility into All Network Layers
• Data intelligence throughout network
• Discovery of assets
• Network profile
• Security policy monitoring
• Anomaly detection
• Accelerated incident response
Cisco® Identity
Services Engine Mitigation Action
Context Information
NetFlow
StealthWatch

Use Case

Cisco:
Security that
works together

Cisco positioned best for consolidation opportunity
Architecture1 OpenAPI/integration2
Best of
breed
Best of
need
Key consolidation requirements

Before consolidation – bad scenario

Before consolidation – good scenario

Point product approach fails
It takes an integrated architecture

Effective Security posture = Shortest TTD
Time
ResponseDetectionThreat

Stop Problems Before They Become CrisesImpacttothe
Business($)
credit card data
compromised
attack
identified
vulnerability
closed
attack
thwarted
early
warning
attack
identified
vulnerability
closed
attack
onset
STEALTHWATCH
REDUCES MTTK
Company with
StealthWatch
Company with
Legacy Monitoring
Tools
~70% of Incident Response is spent on MTTK
“Worm outbreaks impact revenue by up to $250k / hour.
StealthWatch pays for itself in 30 minutes.”
F500 Media Conglomerate
259% ROI
MTTK
Time

Cisco Connect 2018 Indonesia - Cybersecurity Strategy

Cisco Connect 2018 Indonesia - Cybersecurity Strategy

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Cisco Connect 2018 Indonesia - Cybersecurity Strategy

Similar to Cisco Connect 2018 Indonesia - Cybersecurity Strategy (20)

More from NetworkCollaborators

More from NetworkCollaborators (14)

Recently uploaded

Recently uploaded (20)

Cisco Connect 2018 Indonesia - Cybersecurity Strategy

Editor's Notes