Nikos Mourtzinos, CCIE #9763
Cisco Cyber Security Sales Specialist
March 2018
How to build a multi-layer
Security Architecture
to detect and remediate threats
in real time
Cisco Strategy
Umbrella
AMP for Endpoints
Multi-layer Security Architecture
Agenda
Cisco Integrated Security Architecture
Vision
???
Strategy Hardware Software
Execution
Metrics
Cisco Integrated Security Architecture
Vision
???
Strategy Hardware Software
Execution Threat
Prevention
Metrics
Cisco Integrated Security Architecture
Vision
???
Strategy Hardware Software
Execution Threat
Prevention
Metrics Perimeter Endpoint
Cisco Integrated Security Architecture
Vision
???
Strategy Hardware Software
Execution Threat
Prevention
Detection
Metrics Perimeter Endpoint
Cisco Integrated Security Architecture
Vision
???
Strategy Hardware Software
Execution Threat
Prevention
Detection
Metrics Perimeter Endpoint Internal Network Cloud
Cisco Integrated Security Architecture
Vision
Security Everywhere
Strategy Hardware Software Xware
Execution Threat
Prevention
Detection Containment Response
Metrics Perimeter Endpoint Internal Network Cloud
Most Security Vendors – Legacy Architecture
Vision
???
Strategy Hardware Software Xware
Execution Threat
Prevention
Detection Containment Response
Metrics Perimeter Endpoint Internal Network Cloud
All Cyber Security Startups
Vision
Strategy Hardware Software Xware
Execution Threat
Prevention
Detection Containment Response
Metrics Perimeter Endpoint Internal Network Cloud
Cisco Integrated Security Architecture
Vision
Security Everywhere
Strategy Hardware Software Xware
Execution Threat
Prevention
Detection Containment Response
Metrics Perimeter Endpoint Internal Network Cloud
Cisco Umbrella
Vision
Cisco Umbrella
Strategy Hardware Software Xware
Execution Threat
Prevention
Detection Containment Response
Metrics Perimeter Endpoint Internal Network Cloud
Cisco AMP for Endpoints
Vision
Cisco AMP for Endpoints
Strategy Hardware Software Xware
Execution Threat
Prevention
Detection Containment Response
Metrics Perimeter Endpoint Internal Network Cloud
By 2018, Gartner estimates:
25% of corporate
data traffic will bypass
perimeter security.
DNS is used by
every device on
your network.
It all starts with DNS
Umbrella
Cisco.com 72.163.4.161
DNS = Domain Name System
First step in connecting to the
internet
Precedes file execution and IP
connection
Used by all devices
Port agnostic
Key points
Visibility and
protection
everywhere
Deployment in
minutes
Integrations to
amplify existing
investments
208.67.222.222
Umbrella (OpenDNS)
The fastest and easiest way to block threats
Malware
C2 Callbacks
Phishing
and Here
AMP
AMP AMP
FIREPOWER
AMP AMP
FIREPOWER
Here
HereHere
Here
Here
HQ
Branch Branch
Roaming
Off-net
AMP
Internet
LANCOPE
AMP 4 FP
FIREPOWER
AMP AMP
AMPAMP
AMP
AMP
Here
Suspicious
Domain Owner
Server in High
Risk Location
Dynamic IP
Address
Domain
Registered
< 1 Min
192.1.0.68
example
.com
Example.org17.0.2.12 BeijingLondonSan JoseKiev HTTPSSLHTTPS
Domain
Registered
> 2 Year
Domain
Registered
< 1 Month
Web server
< 1 Month
Who HowWhere When
111010000 110 0001110 00111 010011101 11000 0111 0001110 1001 1101 1110011 0110011 101000 0110 00 0111000 111010
01 10 100111 010 00010 0101 110011 011 001 110100001100001 1100 0111010011101 1100001110001110 1001 1101 1110011
0 100111 010 000100101 110011 01100111010000110000111000111010011101 1100001110001110 1001 1101 1110011 0110011
-10 -9 -8 -7 -6 -5 -4 -3 -2 -1 0 1 2 3 4 5 6 7 8 9 10
IP Reputation Score
Statistical Models
Co-occurrence model
Identifies other domains looked up in
rapid succession of a given domain
Natural language processing model
Detect domain names that spoof terms and
brands
Spike rank model
Detect domains with sudden
spikes in traffic
Predictive IP space monitoring
Analyzes how servers are hosted
to detect future malicious domains
Dozens more models
2M+ live events per second
11B+ historical events
Co-occurrence model
Domains guilty by inference
a.com b.com c.com x.com d.com e.com f.com
time - time +
Co-occurrence of domains means that a statistically significant number of identities
have requested both domains consecutively in a short timeframe
Possible malicious domain Possible malicious domain
Known malicious domain
Spike rank model
Patterns of guilt
y.com
DAYS
DNSREQUESTS
Massive amount
of DNS request
volume data is
gathered and
analyzed
DNS request volume matches known
exploit kit pattern and predicts future attack
DGA MALWARE EXPLOIT KIT PHISHING
y.com is blocked before
it can launch full attack
Cisco Umbrella
The fastest and easiest way to block threats
100% uptime
Resolves 80B+ DNS requests daily with no added latency
7M+ unique malicious destinations blocked across 25 data centers
Prevents malware, phishing, C2 callbacks over any port
Identify cloud & IoT usage risks
URL filtering
Proxy risky domains / SSL Decryption for file inspection using AV and AMP
Enforcement per internal IP and AD user/group
API
Investigate – Threat intelligence on all domains, IPs, File Hashes
Visibility and protection for all activity, anywhere
HQ
Mobile
Branch
Roaming
IoT
ALL PORTS AND PROTOCOLS
ON-NETWORK
OFF-NETWORK
Umbrella
All office locations
Any device on your network
Roaming laptops
Every port and protocol
First line of defense against internet threats
Cisco Umbrella
See
Visibility to protect
access everywhere
Learn
Intelligence to see attacks
before they launch
Block
Stop threats before
connections are made
Most Innovative Security Product Of 2017
Trusted by enterprises worldwide
Fortune 500
companies in retail,
healthcare, energy,
and entertainment
Over 600 leading
professional services
including law and
consulting firms
Over 500 leading
finance, banking,
and insurance
companies
Over 500 leading
manufacturing
and technology
companies
AMP : Next Gen Endpoint Protection
Windows OS Android
Apple iOS
Virtual MAC
OS
CentOS, Red
Hat Linux for
servers and
datacenters
EndpointsEndpoints
NetworkEdge
AMP for Endpoints
AMP for Endpoints
Remote Endpoints
AMP for Endpoints can
be launched from
Cisco AnyConnect®
Advanced Malware Protection
Protection Across the Extended Network
What's different between
Next-Gen Endpoint Security,
vs
Traditional AV?
How has the threat landscape changed, and why
are these next-gen technologies important in
protecting against the latest threats?
• The volume of malware, and its ability to mutate and disguise itself in
new ways, has become extraordinary.
• The attackers have become more sophisticated. Businesses are no
longer just protecting against a computer getting infected. Now
they're protecting against their business being breached.
Nyetya, Petyam, WannaCry and other
sophisticated ransomware
• The WannaCry attack took advantage of a recently-patched Windows
vulnerability to spread via the network, and then dropped previously-unseen
malware that encrypted users' files.
• This shows that a comprehensive security program, that covers everything
from your users' behavior to what enters your organization via email or web to
how your endpoints are protected, is critical.
Machine Learning
• Machine learning does not rely on signatures, it can stop malware that
has never been seen before by determining how similar it is to the
universe of known threats.
• Machine learning is best when trained on very large data sets that
have been analyzed and accurately categorized by experts.
• Machine learning has the ability to detect both known and unknown
malware before the file executes
User and entity behavior analytics (UEBA)
• User and entity behavior analytics (UEBA) is great at
detecting anomalies,
• The key to UEBA is that it is attempting to see what is
normal and what is abnormal for a specific user, versus a
universal population
Cisco AMP for Endpoints now introduces “exploit prevention” capabilities that will defend
your endpoints from file-less attacks that use memory injection on unpatched software
vulnerabilities.
These types of attacks include:
•web-borne attacks, such as Java exploits that use shellcode to run payload
•malicious Adobe and Office document files
•malicious sites containing Flash, Silverlight and Javascript attacks
•vulnerabilities exploited by file-less and non-persistent malware
•zero-day attacks on software vulnerabilities yet to be patched
•ransomware, Trojans, or macros using in-memory techniques
AMP for Endpoints - Exploit Prevention to Stop
File-Less Attacks
· Microsoft Excel Application
· Microsoft Word Application
· Microsoft PowerPoint Application
· Microsoft Outlook Application
· Internet Explorer Browser
· Mozilla Firefox Browser
· Google Chrome Browser
· Microsoft Skype Application
· TeamViewer Application
· VLC Media player Application
· Microsoft Windows Script Host
· Microsoft Powershell Application
· Adobe Acrobat Reader Application
· Microsoft Register Server
· Microsoft Task Scheduler Engine
Some of the more common processes that Cisco AMP for Endpoints protects include:
AMP for Endpoints - Exploit Prevention to Stop
File-Less Attacks
Malicious Activity Protection (or MAP)
defends your endpoints from ransomware attacks
• observes the behavior of running processes
• identifies malicious actions of processes when they execute
and
• stops them from encrypting your data.
The need for next-gen endpoint security
• Next-gen endpoint protection is a valuable part of this multi-layered
strategy.
• Machine learning detects and stops previously unseen malware.
• Behavior-based protection catches ransomware “in the act” and
prevents files from being encrypted.
• Exploit Prevention to stop file-less attacks.
• Malicious Activity Protection
What do you get with AMP for Endpoints ?
Includes Antivirus and 0day threat detection
Identifies Known and unknown threats
Continuous Visibility into File Activity, File
Operations, processes Vulnerabilities
Visibility both On and Off the Network
Quarantine Threats on the Endpoint
Prevention, Monitoring + Detection,
Response
Track active processes and see history
What do you get with AMP for Endpoints ?
File
Reputation
Exploit
Prevention
Machine
Learning
Malicious
Activity
Protection
Sandboxing
Indications of
Compromise
AV Engine
Continuous
Analysis
Command
Line
Visibility
What do you get with AMP for Endpoints ?
File
Reputation
Exploit
Prevention
Machine
Learning
Malicious
Activity
Protection
Sandboxing
Continuous
Analysis
AV Engine
Command
Line
Visibility
Indications of
Compromise
Compare Endpoint Security Solutions
https://www.cisco.com/c/m/en_us/products/security/advanced-malware-
protection/competitive-comparison.html
AMP : Third Party Validation
IDC Names Cisco AMP for Endpoints a Leader
in 2017 Endpoint Security Marketscape
https://blogs.cisco.com/security/idc-names-cisco-amp-for-endpoints-a-leader-in-2017-endpoint-
security-marketscape
https://engage2demand.cisco.com/LP=3933
IDC Names Cisco AMP for Endpoints a Leader in 2017
Endpoint Security Marketscape
Security ArchitectureNetworkEdge
1. Firepower
1. FMC Management,
Reporting,
Analytics
1. Firepower
Security ArchitectureNetworkEdge
1. Firepower
1. FMC Management,
Reporting,
Analytics
2. AMP for Endpoints
Remote Endpoints
Windows OS Android Mobile Virtual MAC
OS
CentOS, Red
Hat Linux for
servers and
datacenters
EndpointsEndpoints 2. AMP for Endpoints
AMP for Endpoints can
be launched from
Cisco AnyConnect®
1. Firepower
2. AMP for endpoint
Security ArchitectureNetworkEdge
1. Firepower
1. FMC Management,
Reporting,
Analytics
2. AMP for Endpoints
Remote Endpoints
Windows OS Android Mobile Virtual MAC
OS
CentOS, Red
Hat Linux for
servers and
datacenters
EndpointsEndpoints 2. AMP for Endpoints
AMP for Endpoints can
be launched from
Cisco AnyConnect®
1. Firepower
2. AMP for endpoint
3. Email Security
3. Email Security
Security ArchitectureNetworkEdge
1. Firepower
1. FMC Management,
Reporting,
Analytics
2. AMP for Endpoints
Remote Endpoints
Windows OS Android Mobile Virtual MAC
OS
CentOS, Red
Hat Linux for
servers and
datacenters
EndpointsEndpoints 2. AMP for Endpoints
AMP for Endpoints can
be launched from
Cisco AnyConnect®
1. Firepower
2. AMP for endpoint
3. Email Security
4. ISE
3. Email Security
4. Cisco Identity Services Engine
(Cisco ISE)
Security ArchitectureNetworkEdge
1. Firepower
1. FMC Management,
Reporting,
Analytics
2. AMP for Endpoints
Remote Endpoints
Windows OS Android Mobile Virtual MAC
OS
CentOS, Red
Hat Linux for
servers and
datacenters
EndpointsEndpoints 2. AMP for Endpoints
AMP for Endpoints can
be launched from
Cisco AnyConnect®
3. Email Security
4. Cisco Identity Services Engine
(Cisco ISE)
1. Firepower
2. AMP for endpoint
3. Email Security
4. ISE
5. Stealthwatch
5. Stealthwatch
Security ArchitectureNetworkEdge
1. Firepower
1. FMC Management,
Reporting,
Analytics
2. AMP for Endpoints
Remote Endpoints
Windows OS Android Mobile Virtual MAC
OS
CentOS, Red
Hat Linux for
servers and
datacenters
EndpointsEndpoints 2. AMP for Endpoints
AMP for Endpoints can
be launched from
Cisco AnyConnect®
3. Email Security
4. Cisco Identity Services Engine
(Cisco ISE)
1. Firepower
2. AMP for endpoint
3. Email Security
4. ISE
5. Stealthwatch
6. Cloud Security
5. Stealthwatch
6. Cloud Security
Network
ISR/ASR
Advanced
Malware
Umbrella
Web
W W W
ISE
Email
NGFW/ NGIPS
Threat Grid
Stealthwatch
Event
Threat Intel
Policy
Context
Meraki
Cloudlock
Solution Integration:
Cisco Portfolio
Nikos Mourtzinos,
Cyber Security Sales Specialist
nmourtzi@cisco.com
Linkedin nmourtzi
Twitter: @nmourtzinos

Cisco Security Presentation

  • 1.
    Nikos Mourtzinos, CCIE#9763 Cisco Cyber Security Sales Specialist March 2018 How to build a multi-layer Security Architecture to detect and remediate threats in real time
  • 2.
    Cisco Strategy Umbrella AMP forEndpoints Multi-layer Security Architecture Agenda
  • 3.
    Cisco Integrated SecurityArchitecture Vision ??? Strategy Hardware Software Execution Metrics
  • 4.
    Cisco Integrated SecurityArchitecture Vision ??? Strategy Hardware Software Execution Threat Prevention Metrics
  • 5.
    Cisco Integrated SecurityArchitecture Vision ??? Strategy Hardware Software Execution Threat Prevention Metrics Perimeter Endpoint
  • 6.
    Cisco Integrated SecurityArchitecture Vision ??? Strategy Hardware Software Execution Threat Prevention Detection Metrics Perimeter Endpoint
  • 7.
    Cisco Integrated SecurityArchitecture Vision ??? Strategy Hardware Software Execution Threat Prevention Detection Metrics Perimeter Endpoint Internal Network Cloud
  • 8.
    Cisco Integrated SecurityArchitecture Vision Security Everywhere Strategy Hardware Software Xware Execution Threat Prevention Detection Containment Response Metrics Perimeter Endpoint Internal Network Cloud
  • 9.
    Most Security Vendors– Legacy Architecture Vision ??? Strategy Hardware Software Xware Execution Threat Prevention Detection Containment Response Metrics Perimeter Endpoint Internal Network Cloud
  • 10.
    All Cyber SecurityStartups Vision Strategy Hardware Software Xware Execution Threat Prevention Detection Containment Response Metrics Perimeter Endpoint Internal Network Cloud
  • 11.
    Cisco Integrated SecurityArchitecture Vision Security Everywhere Strategy Hardware Software Xware Execution Threat Prevention Detection Containment Response Metrics Perimeter Endpoint Internal Network Cloud
  • 12.
    Cisco Umbrella Vision Cisco Umbrella StrategyHardware Software Xware Execution Threat Prevention Detection Containment Response Metrics Perimeter Endpoint Internal Network Cloud
  • 13.
    Cisco AMP forEndpoints Vision Cisco AMP for Endpoints Strategy Hardware Software Xware Execution Threat Prevention Detection Containment Response Metrics Perimeter Endpoint Internal Network Cloud
  • 14.
    By 2018, Gartnerestimates: 25% of corporate data traffic will bypass perimeter security.
  • 15.
    DNS is usedby every device on your network.
  • 16.
    It all startswith DNS Umbrella Cisco.com 72.163.4.161 DNS = Domain Name System First step in connecting to the internet Precedes file execution and IP connection Used by all devices Port agnostic
  • 17.
    Key points Visibility and protection everywhere Deploymentin minutes Integrations to amplify existing investments 208.67.222.222 Umbrella (OpenDNS) The fastest and easiest way to block threats Malware C2 Callbacks Phishing
  • 18.
    and Here AMP AMP AMP FIREPOWER AMPAMP FIREPOWER Here HereHere Here Here HQ Branch Branch Roaming Off-net AMP Internet LANCOPE AMP 4 FP FIREPOWER AMP AMP AMPAMP AMP AMP Here
  • 19.
    Suspicious Domain Owner Server inHigh Risk Location Dynamic IP Address Domain Registered < 1 Min 192.1.0.68 example .com Example.org17.0.2.12 BeijingLondonSan JoseKiev HTTPSSLHTTPS Domain Registered > 2 Year Domain Registered < 1 Month Web server < 1 Month Who HowWhere When 111010000 110 0001110 00111 010011101 11000 0111 0001110 1001 1101 1110011 0110011 101000 0110 00 0111000 111010 01 10 100111 010 00010 0101 110011 011 001 110100001100001 1100 0111010011101 1100001110001110 1001 1101 1110011 0 100111 010 000100101 110011 01100111010000110000111000111010011101 1100001110001110 1001 1101 1110011 0110011 -10 -9 -8 -7 -6 -5 -4 -3 -2 -1 0 1 2 3 4 5 6 7 8 9 10 IP Reputation Score
  • 20.
    Statistical Models Co-occurrence model Identifiesother domains looked up in rapid succession of a given domain Natural language processing model Detect domain names that spoof terms and brands Spike rank model Detect domains with sudden spikes in traffic Predictive IP space monitoring Analyzes how servers are hosted to detect future malicious domains Dozens more models 2M+ live events per second 11B+ historical events
  • 21.
    Co-occurrence model Domains guiltyby inference a.com b.com c.com x.com d.com e.com f.com time - time + Co-occurrence of domains means that a statistically significant number of identities have requested both domains consecutively in a short timeframe Possible malicious domain Possible malicious domain Known malicious domain
  • 22.
    Spike rank model Patternsof guilt y.com DAYS DNSREQUESTS Massive amount of DNS request volume data is gathered and analyzed DNS request volume matches known exploit kit pattern and predicts future attack DGA MALWARE EXPLOIT KIT PHISHING y.com is blocked before it can launch full attack
  • 23.
    Cisco Umbrella The fastestand easiest way to block threats 100% uptime Resolves 80B+ DNS requests daily with no added latency 7M+ unique malicious destinations blocked across 25 data centers Prevents malware, phishing, C2 callbacks over any port Identify cloud & IoT usage risks URL filtering Proxy risky domains / SSL Decryption for file inspection using AV and AMP Enforcement per internal IP and AD user/group API Investigate – Threat intelligence on all domains, IPs, File Hashes
  • 24.
    Visibility and protectionfor all activity, anywhere HQ Mobile Branch Roaming IoT ALL PORTS AND PROTOCOLS ON-NETWORK OFF-NETWORK Umbrella All office locations Any device on your network Roaming laptops Every port and protocol
  • 25.
    First line ofdefense against internet threats Cisco Umbrella See Visibility to protect access everywhere Learn Intelligence to see attacks before they launch Block Stop threats before connections are made
  • 26.
    Most Innovative SecurityProduct Of 2017
  • 27.
    Trusted by enterprisesworldwide Fortune 500 companies in retail, healthcare, energy, and entertainment Over 600 leading professional services including law and consulting firms Over 500 leading finance, banking, and insurance companies Over 500 leading manufacturing and technology companies
  • 28.
    AMP : NextGen Endpoint Protection Windows OS Android Apple iOS Virtual MAC OS CentOS, Red Hat Linux for servers and datacenters EndpointsEndpoints NetworkEdge AMP for Endpoints AMP for Endpoints Remote Endpoints AMP for Endpoints can be launched from Cisco AnyConnect® Advanced Malware Protection Protection Across the Extended Network
  • 29.
    What's different between Next-GenEndpoint Security, vs Traditional AV?
  • 30.
    How has thethreat landscape changed, and why are these next-gen technologies important in protecting against the latest threats? • The volume of malware, and its ability to mutate and disguise itself in new ways, has become extraordinary. • The attackers have become more sophisticated. Businesses are no longer just protecting against a computer getting infected. Now they're protecting against their business being breached.
  • 31.
    Nyetya, Petyam, WannaCryand other sophisticated ransomware • The WannaCry attack took advantage of a recently-patched Windows vulnerability to spread via the network, and then dropped previously-unseen malware that encrypted users' files. • This shows that a comprehensive security program, that covers everything from your users' behavior to what enters your organization via email or web to how your endpoints are protected, is critical.
  • 32.
    Machine Learning • Machinelearning does not rely on signatures, it can stop malware that has never been seen before by determining how similar it is to the universe of known threats. • Machine learning is best when trained on very large data sets that have been analyzed and accurately categorized by experts. • Machine learning has the ability to detect both known and unknown malware before the file executes
  • 33.
    User and entitybehavior analytics (UEBA) • User and entity behavior analytics (UEBA) is great at detecting anomalies, • The key to UEBA is that it is attempting to see what is normal and what is abnormal for a specific user, versus a universal population
  • 34.
    Cisco AMP forEndpoints now introduces “exploit prevention” capabilities that will defend your endpoints from file-less attacks that use memory injection on unpatched software vulnerabilities. These types of attacks include: •web-borne attacks, such as Java exploits that use shellcode to run payload •malicious Adobe and Office document files •malicious sites containing Flash, Silverlight and Javascript attacks •vulnerabilities exploited by file-less and non-persistent malware •zero-day attacks on software vulnerabilities yet to be patched •ransomware, Trojans, or macros using in-memory techniques AMP for Endpoints - Exploit Prevention to Stop File-Less Attacks
  • 35.
    · Microsoft ExcelApplication · Microsoft Word Application · Microsoft PowerPoint Application · Microsoft Outlook Application · Internet Explorer Browser · Mozilla Firefox Browser · Google Chrome Browser · Microsoft Skype Application · TeamViewer Application · VLC Media player Application · Microsoft Windows Script Host · Microsoft Powershell Application · Adobe Acrobat Reader Application · Microsoft Register Server · Microsoft Task Scheduler Engine Some of the more common processes that Cisco AMP for Endpoints protects include: AMP for Endpoints - Exploit Prevention to Stop File-Less Attacks
  • 36.
    Malicious Activity Protection(or MAP) defends your endpoints from ransomware attacks • observes the behavior of running processes • identifies malicious actions of processes when they execute and • stops them from encrypting your data.
  • 37.
    The need fornext-gen endpoint security • Next-gen endpoint protection is a valuable part of this multi-layered strategy. • Machine learning detects and stops previously unseen malware. • Behavior-based protection catches ransomware “in the act” and prevents files from being encrypted. • Exploit Prevention to stop file-less attacks. • Malicious Activity Protection
  • 38.
    What do youget with AMP for Endpoints ? Includes Antivirus and 0day threat detection Identifies Known and unknown threats Continuous Visibility into File Activity, File Operations, processes Vulnerabilities Visibility both On and Off the Network Quarantine Threats on the Endpoint Prevention, Monitoring + Detection, Response
  • 39.
    Track active processesand see history
  • 40.
    What do youget with AMP for Endpoints ? File Reputation Exploit Prevention Machine Learning Malicious Activity Protection Sandboxing Indications of Compromise AV Engine Continuous Analysis Command Line Visibility
  • 41.
    What do youget with AMP for Endpoints ? File Reputation Exploit Prevention Machine Learning Malicious Activity Protection Sandboxing Continuous Analysis AV Engine Command Line Visibility Indications of Compromise
  • 42.
    Compare Endpoint SecuritySolutions https://www.cisco.com/c/m/en_us/products/security/advanced-malware- protection/competitive-comparison.html
  • 43.
    AMP : ThirdParty Validation
  • 44.
    IDC Names CiscoAMP for Endpoints a Leader in 2017 Endpoint Security Marketscape https://blogs.cisco.com/security/idc-names-cisco-amp-for-endpoints-a-leader-in-2017-endpoint- security-marketscape https://engage2demand.cisco.com/LP=3933 IDC Names Cisco AMP for Endpoints a Leader in 2017 Endpoint Security Marketscape
  • 45.
    Security ArchitectureNetworkEdge 1. Firepower 1.FMC Management, Reporting, Analytics 1. Firepower
  • 46.
    Security ArchitectureNetworkEdge 1. Firepower 1.FMC Management, Reporting, Analytics 2. AMP for Endpoints Remote Endpoints Windows OS Android Mobile Virtual MAC OS CentOS, Red Hat Linux for servers and datacenters EndpointsEndpoints 2. AMP for Endpoints AMP for Endpoints can be launched from Cisco AnyConnect® 1. Firepower 2. AMP for endpoint
  • 47.
    Security ArchitectureNetworkEdge 1. Firepower 1.FMC Management, Reporting, Analytics 2. AMP for Endpoints Remote Endpoints Windows OS Android Mobile Virtual MAC OS CentOS, Red Hat Linux for servers and datacenters EndpointsEndpoints 2. AMP for Endpoints AMP for Endpoints can be launched from Cisco AnyConnect® 1. Firepower 2. AMP for endpoint 3. Email Security 3. Email Security
  • 48.
    Security ArchitectureNetworkEdge 1. Firepower 1.FMC Management, Reporting, Analytics 2. AMP for Endpoints Remote Endpoints Windows OS Android Mobile Virtual MAC OS CentOS, Red Hat Linux for servers and datacenters EndpointsEndpoints 2. AMP for Endpoints AMP for Endpoints can be launched from Cisco AnyConnect® 1. Firepower 2. AMP for endpoint 3. Email Security 4. ISE 3. Email Security 4. Cisco Identity Services Engine (Cisco ISE)
  • 49.
    Security ArchitectureNetworkEdge 1. Firepower 1.FMC Management, Reporting, Analytics 2. AMP for Endpoints Remote Endpoints Windows OS Android Mobile Virtual MAC OS CentOS, Red Hat Linux for servers and datacenters EndpointsEndpoints 2. AMP for Endpoints AMP for Endpoints can be launched from Cisco AnyConnect® 3. Email Security 4. Cisco Identity Services Engine (Cisco ISE) 1. Firepower 2. AMP for endpoint 3. Email Security 4. ISE 5. Stealthwatch 5. Stealthwatch
  • 50.
    Security ArchitectureNetworkEdge 1. Firepower 1.FMC Management, Reporting, Analytics 2. AMP for Endpoints Remote Endpoints Windows OS Android Mobile Virtual MAC OS CentOS, Red Hat Linux for servers and datacenters EndpointsEndpoints 2. AMP for Endpoints AMP for Endpoints can be launched from Cisco AnyConnect® 3. Email Security 4. Cisco Identity Services Engine (Cisco ISE) 1. Firepower 2. AMP for endpoint 3. Email Security 4. ISE 5. Stealthwatch 6. Cloud Security 5. Stealthwatch 6. Cloud Security
  • 51.
    Network ISR/ASR Advanced Malware Umbrella Web W W W ISE Email NGFW/NGIPS Threat Grid Stealthwatch Event Threat Intel Policy Context Meraki Cloudlock Solution Integration: Cisco Portfolio
  • 52.
    Nikos Mourtzinos, Cyber SecuritySales Specialist nmourtzi@cisco.com Linkedin nmourtzi Twitter: @nmourtzinos