The top two attack vectors for malware are email and web browsers. Watering-hole attacks conceal malware on member-based sites and phishing scams can target individuals with personal details. This PPT describes a different security approach to protect against these threats while achieving business growth, efficiency and lowered expenses. The presentation features Cisco Email, Web and Cloud Web Security and covers basic features, offers, benefits, newest features and product integrations. Watch the webinar: http://cs.co/9004BGqvy
Cyber Security Layers - Defense in Depth
7P's, 2D's & 1 N
People
Process
Perimeter
Physical
Points (End)
Network
Platform
Programs (Apps)
Database
Data
As the industry’s first Secure Internet Gateway in the cloud, Cisco Umbrella provides the first line of defense against threats on the internet, protecting all your users within minutes.
Cisco Advanced Malware Protection offers global threat intelligence, advanced sandboxing and real-time malware blocking to prevent breaches while it continuously analyzes file activity across your network, so that you can quickly detect, contain and remove advanced malware.
Presentation of Cisco Security Architecture and Solutions such as Cisco Advanced Malware Protection (AMP) and Cisco Umbrella during Simplex-Cisco Technology Session that took place at the Londa Hotel in Limassol on 14 March 2018.
Zero Trust, Zero Trust Network, or Zero Trust Architecture refer to security concepts and a threat model that no longer assume that actors, systems or services operating from within the security perimeter should be automatically trusted; instead, anything and everything trying to connect to the organization's systems must be verified before access is granted.
VAPT (vulnerability and penetration testing) services - Akshay Kurhade
The VAPT testers from Suma Soft are familiar with different ethical hacking techniques such as footprinting and reconnaissance, host enumeration, scanning networks, system hacking, evading IDS, firewalls and honeypots, social engineering, SQL injection, session hijacking, exploiting the network, etc. https://bit.ly/2HLpbnz
SOC presentation - Building a Security Operations Center - Michael Nickle
Presentation I used to give on the topic of using a SIM/SIEM to unify the information stream flowing into the SOC. This piece of collateral was used to help close the largest SIEM deal (Product and services) that my employer achieved with this product line.
Palo Alto Networks is the world’s Cyber Security leader. Their technologies give 65,000 enterprise customers the power to protect billions of people worldwide.
Cortex, Demisto & Prisma are the few flagship products to prevent attacks with industry-defining enterprise security platforms. Tightly integrated innovations, cloud delivered and easy to deploy and operate.
This presentation will provide an overview of what a penetration test is, why companies pay for them, and what role they play in most IT security programs. It will also include a brief overview of the common skill sets and tools used by today’s security professionals. Finally, it will offer some basic advice for getting started in penetration testing. This should be interesting to aspiring pentesters trying to gain a better understanding of how penetration testing fits into the larger IT security world.
Additional resources can be found in the blog below:
https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers
More security blogs by the authors can be found @
https://www.netspi.com/blog/
This presentation describes penetration testing with a Who, What, Where, When, and How approach. In the presentation, you may discover the common pitfalls of a bad penetration test and you could identify a better one. You should be able to recognize and differentiate both looking at the methods (attitude) and result.
The Zero Trust Model of information #security simplifies how #information security is conceptualized by assuming there are no longer “trusted” interfaces, applications, traffic, networks, or users. It takes the old model— “trust but verify”—and inverts it, because recent breaches have proven that when an organization trusts, it doesn’t verify
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "Cybersecurity Frameworks" will help you understand why and how the organizations are using the cybersecurity framework to Identify, Protect and Recover from cyber attacks.
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
Here's the slide deck from my session titled "Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps" which was presented on the Modern Workplace Conference Paris 2022 Virtual event.
Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan David J Rosenthal
Simplify management of apps & devices
Microsoft Intune provides mobile device management, mobile application management, and PC management capabilities from the cloud. Using Intune, organizations can provide their employees with access to corporate applications, data, and resources from virtually anywhere on almost any device, while helping to keep corporate information secure.
Behind the Curtain: Exposing Advanced Threats - Cisco Canada
Today's advanced threats hide in plain sight, patiently waiting to strike, challenging security teams to track their progress across their network and endpoints. Meanwhile, executive and board-level reporting requirements are increasing as leadership demands in-depth answers that are unavailable from today’s block/allow security tools. With 55% of organizations unable to identify the origin of their last security breach, it’s time to stop relying on tools that define security based on what they see ‘out there’ and instead hunt for threats by tracking files, file relationships, and both endpoint and network behavior ‘in here’—inside your environment. In the first part of this interactive session, learn how Cisco’s Advanced Malware Protection (AMP) solutions use big data analytics to compare a real-time, dynamic history of your environment to the global threat landscape, automatically uncovering and blocking advanced threats before they strike. Then watch workflow examples demonstrating how your security team can use this advanced visibility and control to dramatically improve their efficiency and finally deliver the business 100% confidence answers.
NetWitness solutions capture all the data flowing across the network and put it in context, filtering what may or may not be critical. The user can see who is going where and viewing what.
Using Your Network as a Sensor for Enhanced Visibility and Security - Lancope, Inc.
Driven by the mobility, cloud computing, and Internet of Everything megatrends and fueled by increasingly sophisticated cybercriminals, today’s information landscape is more dynamic and more vulnerable than ever before.
Join Cisco and Lancope for a complimentary webinar to learn how you can implement a comprehensive, network-enabled approach to cybersecurity.
During the webinar we will discuss:
Using the Network as a Security Sensor with Lancope’s StealthWatch System and Flexible NetFlow to obtain visibility at scale, monitor network activity efficiently, discover security incidents quickly, and help achieve compliance.
Using the Network as a Security Enforcer with Cisco TrustSec to ensure policy-based access control and network segmentation for containment of the network attacks, assist compliance and reduce risks of data-breaches.
"Evolving Cybersecurity Strategies" - Identity is the new security boundary - Dean Iacovelli
As cyber attacks have matured and become more complex over the last number of years, the objective of most attacks has not changed: compromise and collect user credentials. This session will explore the changing cybersecurity landscape and how managing identity – both in the enterprise as well as across 3rd party applications - is becoming job #1 in managing your organization’s risk.
Part one of the Symantec Website Security Threat Report white paper is available here: http://bit.ly/17XOM54
These slides give insights from the Symantec Website Security's annual global threat report. We look at website malware, malvertising, targeted attacks, watering hole attacks, ransomware and website vulnerabilities.
Security: more important than ever - Sophos Day Belux 2014 - Sophos Benelux
Security: more important than ever! At the Sophos Day Belux 2014, Jorn Lutters took the time to have a look back at 2014 and showed the audience what we've been dealing with in IT-security world the past year. Looking to 2015, Sophos is excited to contribute to a safer world!
Top Application Security Trends of 2012 - DaveEdwards12
Learn about the major risks to Cloud and Web-based Applications. What are their weaknesses? How can you deploy them in a more confident fashion and avoid the risks? What can you do to protect these applications without creating a major burden on your end-users and customers. Application Security has become one of the top most priorities of CIOs, CSOs and IT Staff in 2012. Cloud has created a paradigm shift in how we leverage technology. Learn about the power of the Cloud to Secure your applications.
The True Cost of Anti-Virus: How to Ensure More Effective and Efficient Endp... - Lumension
Today, more than 1.6 million new malware signatures are identified each month. And more organizations are falling prey to "zero-day" attacks - malware for which an anti-virus signature does not exist. It’s no surprise that roughly half of the organizations surveyed in a 2010 Ponemon Institute study reported an increase in their IT operating expenses - a main driver of that cost increase was malware. Traditional anti-virus simply can't keep up in the malware arms race and relying on it as your primary defense will prove costly.
In this webcast, Paul Henry, security and forensics expert, and Chris Merritt, Director of Solution Marketing with Lumension, will examine:
* The true cost of anti-virus in terms of PC performance, network bandwidth, IT helpdesk costs, prevention of malware and more
* Why application whitelisting is a better approach to defend against rising targeted attacks
* How application whitelisting has evolved to provide a new level of intelligence that delivers more effective security and necessary flexibility to improve productivity - in even rapidly changing endpoint environments
Cyberattacks on the Rise: Is Your Nonprofit Prepared? - TechSoup
Cyberattacks against small and midsize organizations have increased from 11 percent to 15 percent in 2020, according to an Avast survey. Nonprofits are no exception to this alarming trend, which results in lost productivity, damaged reputations, and serious financial implications. Whether you’re a one-person IT team or a nontechnical concerned stakeholder, this webinar will help you
- Protect your organization from common malware attacks
- Set up a strong cybersecurity strategy for your organization
- Identify solutions to help minimize cyberattack risks
Your network holds the key to defending your organization. The Cisco switches, routers, and wireless solutions you deploy can complement and empower your security systems. Cisco provides a broad portfolio of capabilities to improve your defenses across the entire attack continuum. This presentation outlines how you can use your network as a sensor to protect your data, your customers, and your reputation.
Register to Watch Webcast: http://cs.co/9003CRsH
Join the Conversation: http://cs.co/9008CRt6
Similar to Cisco Web and Email Security Overview (20)
When responding to a security incident, communication is perhaps one of the most important, and yet, most overlooked aspects. This Cisco Security Incident Response Services Template has been used and refined for a number of years now in both Fortune 100 companies as well as with all of our Cisco Security Incident Response Services customers.
Learn more about incident response communications here: https://blogs.cisco.com/security/incident-response-fundamentals-communication
Infographic: Security for Mobile Service Providers - Cisco Security
This infographic offers an operator's view on mobile security trends, such as the technology innovations driving business growth and security threats. It also suggests how you can protect customers.
Cisco ISE Reduces the Attack Surface by Controlling Access - Cisco Security
Cisco ISE reduces the attack surface by controlling access and preventing unauthorized lateral movement on the network. Learn more at http://cs.co/9007BRFbW
Identify Zero-Day Breaches with Cognitive Threat Analytics on Cisco Web Secur... - Cisco Security
Cognitive Threat Analytics is a technology that analyzes web requests to identify Command & Control traffic, identifying threats that are currently present in a network. It is currently available across the entire Cisco Web Security portfolio, including Cloud Web Security (CWS) and the Web Security Appliance (WSA). To learn more, watch this webinar: http://cs.co/9000BuggO
Pervasive Security Across Your Extended Network - Cisco Security
There are many ways attackers can access your network. Keep yours safe before, during, and after an attack with best-in-class Cisco Security designed to protect your business data. Learn more at http://cs.co/9009BJ8o3
Download the full Midyear Security Report >> http://cs.co/MSR15SL
Cisco has released its Midyear Security Report. In this report, Cisco provides industry insights and key findings taken from threat intelligence and cybersecurity trends for the first half of 2015.
AMP Helps Cisco IT Catch 50% More Malware threats - Cisco Security
These statistics show how the Email Security Appliance with Advanced Malware Protection allows Cisco IT to realize its comprehensive threat-centric email security strategy. Learn more: http://cs.co/9000BD620
A Reality Check on the State of Cybersecurity - Cisco Security
In 2015, companies need to challenge the perception of security versus the reality of a connected world of people, process, data and things in the Internet of Everything. Learn more at cisco.com/go/securityservices
Balance Data Center Security and Performance - Cisco Security
Today's data centers require an approach to security that does not compromise performance or functionality. Identify where you may have gaps in your data center security, and learn what solutions are available to close or mitigate those gaps. Take action to secure your data center. Download our white paper >> http://cs.co/9000BBV22
The Cost of Inactivity: Malware Infographic - Cisco Security
As the cost and likelihood of a breach grows you can't afford "good enough" protection before, during, AND after an attack. Protect your brand and data with Cisco email and web security.
Learn more: http://cs.co/9003hKu3, http://cs.co/9003hKu9
Breaches happen every day. The culprit? Malware. It’s no longer a question of “if” you’ll be breached, but “when”. Don’t become another statistic. Protect your organization today. Learn more here >> http://cs.co/ampvodvepg
You face unprecedented challenges to protect your midsize business from cybersecurity threats. New trends such as mobility and cloud are changing how you need to secure devices, data and your network.
To deal with these challenges, you need a smart, scalable threat-centric security model. This model needs to provide cost-effective threat remediation and support standard security policies and controls.
Cisco can help. We deliver intelligent cybersecurity for the real world. Our threat-centric approach reduces complexity while delivering superior visibility and control—saving you time and reducing costs.
With Cisco, you gain advanced threat protection across the entire attack continuum—before, during, and after an attack. To learn more, visit http://cs.co/mmigvepg
Gartner report on Cisco TrustSec assessing technical components, interoperability considerations, Cisco’s progress in implementing support across product lines and customer deployment experiences.
UiPath Test Automation using UiPath Test Suite series, part 4 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Transcript: Selling digital books in 2024: Insights from industry leaders - T... - BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Securing your Kubernetes cluster_ a step-by-step guide to success! - KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... - UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf - 91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
JMeter webinar - integration with InfluxDB and Grafana - RTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Generating a custom Ruby SDK for your web service or Rails API using Smithy - g2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Accelerate your Kubernetes clusters with Varnish Caching - Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality - Inflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Essentials of Automations: Optimizing FME Workflows with Parameters - Safe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Cisco Web and Email Security Overview
1. Story Tweedie-Yates
Product Marketing Manager – Cisco Web Security
February 16, 2016
Protection for the top two attack vectors
Cisco Web and Email
Security
2. Top 2 attack vectors
Threats from a user’s perspective
Before, during and after: a security framework
Cisco Web and Email Security tour
Demos
Get Started
Agenda
4. Exposure – web blocks
Daily Web Breakdown: 82,000 Virus Blocks; 181 Million Spyware Blocks; 818 Million Web Blocks
Total Threats Blocked: 19.7 Billion daily; 7.2 Trillion yearly
7. Attackers: A growing appetite to leverage targeted phishing campaigns
Example: Snowshoe SPAM attack
SPAM up 250%
Attack surface - email
8. Attack surface – web browsers
More than 85% of the companies studied were affected each month by malicious browser extensions
9. Users becoming complicit enablers of attacks
Untrustworthy sources
Clickfraud and Adware
Outdated browsers: 10% of IE requests running latest version vs 64% of Chrome requests running latest version
Attack surface – user error on web
10. Attackers: Shifts in the attack vectors
Java, Silverlight, PDF, Flash (chart axis: Log Volume)
Java drop 34%
Silverlight rise 228%
PDF and Flash steady
2015 Cisco Annual Security Report
Attack surface – web applications
11. Attack surface – web protocol
Encrypted traffic is increasing. It represents over 50% of bytes transferred.
Individual Privacy, Government Compliance, Organizational Security
The growing trend of web encryption creates a false sense of security and blind spots for defenders
13. Attackers: Malvertising is on the rise: low-limit exfiltration makes infection hard to detect
In October 2014, there is a spike of 250%
Compromising without clicking
14. Exploit Kits, e.g. Cryptowall version 4
• Notorious ransomware
• Version 1 first seen in 2014
• Distributed via exploit kits and phishing emails
• Fast Evolution
CRYPTOWALL 4.0
16. Web and email are portable
Mobile, Coffee shop, Corporate, Home, Airport
17. Sample attacking: Joe CFO
Waiting for his plane
Meet Joe. He is heading home for a well deserved vacation.
He’s catching up on email using the airport Wi-Fi while he waits for his flight.
18. Sample attacking: Joe CFO
Checks his email
Joe just got an email from his vacation resort.
Your Tropical Getaway
Joe,
Thank you for choosing us. We look forward to seeing you.
Before your arrival, please verify your information here:
www.vacationresort.com
Best,
Resort Team
19. Sample attacking: Joe CFO
Instinctively, he clicks on the link
No problem, right? Everything looks normal.
The site may even be a trusted site, or maybe a site that is newly minted.
Your Tropical Getaway
Joe,
Thank you for choosing us. We look forward to seeing you.
Before your arrival, please verify your information here:
www.vacationresort.com
Best,
Resort Team
20. Sample attacking: Joe CFO
Joe is now infected
Joe opens the link and the resort video plays.
Although he doesn’t know it, Joe’s machine has been compromised by a Silverlight based video exploit.
The malware now starts to harvest Joe’s confidential information:
• Passwords
• Credentials
• Company access authorizations
21. Today’s cyber-threat reality
Hackers will likely command and control your environment via web
You’ll most likely be infected via email
Your environment will get breached
23. The Attack Continuum
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
Network, Endpoint, Mobile, Virtual, Cloud
Point in Time, Continuous, Threat Intelligence
24. Cisco Web Security
[Diagram labels]
Key: CWS Only; WSA / WSAv Only
Locations: HQ, Branch Office, Campus Office, Roaming User, BYOD User, Admin
Traffic Redirection Methods: WCCP, ASA, Load Balancer, PBR, ISR G2, ISR 4k, AnyConnect, Explicit/PAC
Client Authentication Methods
Talos
Web Filtering, Web Reputation, Application Visibility & Control, Anti-Malware, File Reputation, File Sandboxing, File Retrospection, Cognitive Threat Analytics, DLP Integration, Outbreak Intelligence
Webpage: www.website.com
Allow, Warn, Block, Partial Block
Reporting, Log Extraction, Management
Hybrid: CWS, WSA
25. Cisco Email Security
[Diagram labels]
Before, During, After
Inbound Email: Email Reputation, Acceptance Controls, Content Controls, File Reputation, Anti-Spam, Anti-Virus, Outbreak Filters, Mail Flow Policies, Graymail Management, Safe Unsubscribe, Anti-Phish, ThreatGrid, URL Rep & Cat, File Sandboxing & Retrospection, Tracking User click Activity (Anti-Phish)
Outbound Email: Outbound Liability, Anti-Spam and Anti-Virus, Mail Flow Policies, Data Loss Protection, Encryption
Cisco: Appliance, Virtual, Cloud
Talos
Allow, Warn, Block, Partial Block
Reporting, Message Track, Management
Admin, HQ
26. 1.1 million file samples per day
AMP community
Advanced Microsoft
and industry disclosures
Snort and ClamAV open source
communities
AMP TG Intelligence
AEGIS™ program
Private and public threat feeds
10 million files per month - AMP
TG Dynamic analysis
Talos: before, during and after
Cisco® Talos: Threat Intelligence; Research Response
ESA/WSA/CWS
Email, Endpoints, Web, Networks, IPS, Devices
1.6 million global sensors
100 TB of data received per day
150 million+ deployed endpoints
600+ engineers, technicians, and researchers
35% worldwide email traffic
13 billion web requests
24x7x365 operations
40+ languages
33. Identity Services Engine Integration
And Extending User Identity and Context
Acquires important context and identity from the network
Monitors and provides visibility into unauthorized access
Provides differentiated access to the network
Cisco TrustSec® provides segmentation throughout the network
Cisco Web Security Appliance provides web security and policy enforcement
Available only on WSA
Confidential Patient Records; Internal Employee Intranet; Internet
Who: Guest, What: iPad, Where: Office
Who: Doctor, What: iPad, Where: Office
Who: Doctor, What: Laptop, Where: Office
WSA: Consistent Secure Access Policy
Cisco® Identity Services Engine
34. Get the Intelligence You Need
Over 10,000 Report Variations
Admin, HQ, Traffic Redirections
Customize Dashboards
70+ pre-defined reports
Quick Analysis
High-level overview with customizable widgets
One-click drill down into widgets
Customized login screen for each admin
35. Web Interaction Tracking
Enabling tracking of URLs rewritten by policy
Rewritten URL: 2asyncfs.com; Click Time: 09:23:25 12 Jan 2015; Re-write reason: Outbreak; Action taken: Blocked
Rewritten URL: 5asynxsf.com; Click Time: 11:01:13 09 Mar 2015; Re-write reason: Policy; Action taken: Allowed
Rewritten URL: 8esynttp.com; Click Time: 16:17:44 15 Jun 2015; Re-write reason: Outbreak; Action taken: Blocked
User A, User B, User C
Potentially malicious URLs
Filtering
Rewritten URLs
Monitor users from a single pane of glass
39. Anti-Snowshoe Enhancements
Enhanced contextual awareness for the anti-spam engine, with unique cloud-based Bayesian learning
Increase automation and auto-classification of emails for faster response
Global expansion of sensor coverage for early visibility
“Building on the multi-layer defense strategy for effective protection against snowshoe spam”
41. Unified Reporting
With unified reporting and policy
management
Unified Policies
Roaming user HQ
Cloud Web Security
Graphical User Interface
WSA
Roaming user HQ
Web Security
Reporting Application
WSA
43. Email Encryption
Zix Gateway with Cisco Technology
Automate encryption for employees
Automate delivery to the most secure, most convenient method
Exchange encrypted email transparently
Provide the optimal mobile experience
47. Cisco Web and Email Security roadmap
Visibility Driven, Threat Focused, Platform Based
Recent Releases
Email Web Interaction Tracking
Email Graymail Management
WSA with CTA
ZCT Email Encryption
WSA and CWS Unified Policy
Email and Web Appliance New Hardware
CWS Mobile Browser
Hybrid Email
Current Projects
Email DLP
Auto-remediation for O365 (Email)
Threat Grid Integration (CWS)
Hybrid Web Security
Future
Chromebook Support (CWS)
HTTP 2.0 (WSA)
Email Shortlinks
Integration with Firepower Management Center (WSA)
Many of the products and features described herein remain in varying stages of development and will be offered on a when-and-if-available basis. This roadmap is subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth in this document.
49. Web security customer requirements
Large amounts of https traffic
Detailed web and HR reporting
Need for deep inspection and control with AVC
Diagram: Roaming user, https, Proxy, Corporate network, login prompt (Login_ID, Name, Password)
50. Get Started Today with Cisco
1. Learn more on the website
2. See and share what’s new
3. Ask for your free trial
Editor's Notes
We always talk about the top two attack vectors being email and Web security. What do we mean by that and why do we say that?
Web Security has 3 characteristics that make it one of the top attack vectors:
Large exposure – email and web account for a comparatively huge amount of traffic
Large attack surface – browsers, applications, pictures, etc.
Low entry barrier for attackers – running an existing exploit, something that’s already packaged and ready to go. It is easy to create a domain or send out one million emails from one hacked account: downloading an exploit kit is easy, nobody uses one account to send a million emails anymore
Starting with exposure – look at the right of this slide at the numbers showing how many of the blocks Talos sees on a daily basis are attributed to web traffic: 80%. This is an enormous risk exposure for users.
Add spam into this and you see 2,557,767 blocks/sec
Notes on new numbers:
19.6 Billion Threats blocked per day = Web Blocks + Spam w/ Malicious attachment
2.5 Million Threats blocked per second = The 19.6 Billion blocks + all Spam messages with attachments or not
If we just look at email, we see the large exposure that people have to spam through their email
Furthermore, the attack surface for web and email is huge. For example, you see with snowshoe spam that attackers are sending low volumes of spam from a large set of IP addresses to avoid detection. They have any amount of IP addresses at their availability to continue doing this. They can also use legitimate, but hacked, accounts to do this.
Spam still plays a key role in helping online criminals carry out their campaigns, relying on the exploitation of users to plant malware on devices or steal credentials.
In 2014, spam volume has increased 250 percent
Snowshoe spam, sending low volumes of spam from a large set of IP addresses to avoid detection, is emerging.
Malicious actors often steal valid email credentials from users with malicious spam messages and then send spam from compromised, yet reputable, accounts.
This means spam is now more dangerous with low volume spam messages enjoying high/no reputation, making this malicious spam, often the first step (phishing email) in a blended attack, very hard to detect.
Spammers morph messages to evade detection by tweaking successful messages so that their basic structure remains the same, but the messages are different enough that they can evade spam filters – seen as high as 95 variations of the same message.
Now take the attack surface. The web vector contains applications and other entry points that attackers use to deliver viruses and carry out other malicious activities.
Once installed, malicious browser extensions can steal information, and become a major source of data leakage. Every time a user opens a new webpage with a compromised browser, that extension collects data. The attackers can then exfiltrate detailed information about every internal or external webpage that the user visits. They are also gathering highly sensitive information embedded in the URL, including user credentials, customer data, and details about an organization’s internal APIs and infrastructure.
According to the 2016 Cisco Annual Security Report, or ASR, browser infections are occurring at an alarming rate:
A full 85 percent of the 45 companies in our sample were affected every month by malicious browser extensions—a finding that underscores the massive scale of these operations. Because infected browsers are often considered a relatively minor threat, they can go undetected or unresolved for days or even longer—giving attackers more time and opportunity to carry out their campaigns.
The attack surface even includes whatever browser version you are using
Users loading compromised malvertising add-ons from untrustworthy sources
Users in highly targeted industries almost twice as likely to succumb to Clickfraud and Adware
Not updating browsers: 10% of IE requests running latest version vs. 64% of Chrome requests running latest version
The attack surface for web also includes applications
Java exploits drop 34 percent, as Java is now falling out of favor with Java security improving, making it harder to exploit.
A significant rise in Silverlight attacks of 228 percent, though still low in volume of attacks.
Flash attacks (3 percent decrease) and PDF (7 percent increase) holding relatively steady.
There was an 88 percent overall average decline of exploit kit activity from May through November 2014. Even with this decline, we continue to see serious breaches occurring at an alarming rate.
As you can see in this slide, encrypted HTTPS traffic has become a vital component of web security.
Research conducted as part of the 2016 ASR revealed that encrypted traffic, particularly HTTPS, has reached a tipping point. While not yet representing the majority of transactions, HTTPS will soon become the dominant form of traffic on the Internet. In fact, our research shows that it already consistently represents over 50 percent of bytes transferred. This is due to overhead and the larger content that is sent via HTTPS, such as transfers to file storage sites.
What’s unfortunate is that many customers equate HTTPS traffic with “safe” traffic. However, what it really means is that you’re blind to what’s inside the HTTPS request, not that the request itself is encrypted and therefore safe.
Barriers to web and email attacks are extremely low for the attackers. In the case of malvertising, they only need customers to visit a site in order to accomplish their mission.
Malvertising: Criminals are using a ‘freemium-type model’ – similar to the legitimate tactic to give software away free but charge for additional features. In their case it is a sophisticated and multipronged technique for distributing malware, making money from many individual users in small increments by persistently infecting their browsers.
Users are often tricked to download malicious toolbars that inject malicious ads into pages visited by users contributing to a persistent state of infection.
Looking at 70 companies and 886,646 users and hosts from January through November 2014 we found a maximum infection rate of 1751 users in a given month.
Affected users jumped 250% in October 2014
CryptoWall is one ransomware variant that has shown gradual evolution over the past year with CryptoWall 2 and Cryptowall 3. Despite global efforts to detect and disrupt the distribution of CryptoWall, adversaries have continued to innovate and evolve their craft, leading to the release of CryptoWall 4.
For readers that may not be familiar, ransomware is malicious software that is designed to hold users' files (such as photos, documents, and music) for ransom by encrypting their contents and demanding the user pay a fee to decrypt their files. Typically, users are exposed to ransomware via email phishing campaigns and exploit kits. The core functionality of CryptoWall 4 remains the same as it continues to encrypt users’ files and then presents a message demanding the user pay a ransom. However, Talos observed several new developments in CryptoWall 4 from previous versions. For example, several encryption algorithms used for holding users’ files for ransom have changed.
http://blog.talosintel.com/2015/12/cryptowall-4.html
Today, people aren’t just sending email from their desktop computers anymore. They’re using mobile devices or laptops to send email from coffee shops, corporate headquarters, home offices, airports, nearly everywhere you can imagine. Fueling this change is the need to be always connected. By 2016, (according to the Pew Internet and American Life Project Report, May 2011), at least 50 percent of enterprise email users will rely primarily on a browser, tablet, or mobile client instead of a desktop client.
But it isn’t just the tools to send and receive email that are changing. The threats to email are evolving, too.
Meet Joe CFO. He’s sitting in the airport waiting to head home. He’s excited to go back for a well deserved vacation.
T: He’s using the public airport Wi-Fi to check his email
Joe just received an email from what appears to be his vacation resort.
It is asking him to verify his information – a credit card number, dinner reservations, or any number of things.
It wants him to verify by clicking on an embedded URL link.
T: Joe is drawn to the link.
Everything seems fine. There is a factor of trust, since Joe is going on vacation and the email is from a vacation resort.
The email may even be from a trusted site that has been compromised.
T: Joe clicks on the link.
A resort video plays. Although he doesn’t know it, Joe has been taken to a website with a flash-based video exploit and it has downloaded malware onto his machine.
The malware begins to harvest his information. Joe’s passwords, credentials, and company access authorizations have all been compromised.
He has unknowingly given hackers the ability to steal sensitive company and customer information.
T: Enjoy your vacation Joe.
Today’s reality has 3 outcomes for your business:
Your environment will be breached
When it is, it will probably happen because of an infected email
And if hackers use command and control on your system, they will probably get access via web
T: All of this means, you need a smarter solution.
<click>
THE BEST WAY TO COMMUNICATE THE TOTALITY OF THE CHALLENGE IS TO LOOK AT THE ATTACK CONTINUUM. THIS IS WHAT OUR CUSTOMERS ARE DEALING WITH, WHEN TRYING TO DEFEND THEIR NETWORKS.
THE REASON WE USE THIS NEW SECURITY MODEL IS TO ACCENTUATE THAT A SILVER BULLET IS NOT FEASIBLE….IT’S A BIGGER PROBLEM.
THERE ARE THREE STAGES TO AN ATTACK: BEFORE, DURING, AND AFTER
LET’S LOOK AT BEFORE AN ATTACK –
BEFORE AN ATTACK:
CUSTOMERS NEED TO KNOW WHAT THEY ARE DEFENDING….YOU NEED TO KNOW WHAT’S ON YOUR NETWORK TO BE ABLE TO DEFEND IT – DEVICES / OS / SERVICES / APPLICATIONS / USERS
THEY NEED TO IMPLEMENT ACCESS CONTROLS, ENFORCE POLICY AND BLOCK APPLICATIONS AND OVERALL ACCESS TO ASSETS.
THIS IS WHERE CUSTOMERS SPEND MOST OF THEIR TIME AND MONEY….THE HOPE IS TO REDUCE THE ATTACKABLE SURFACE SPACE OF THE NETWORK.
UNFORTUNATELY, ATTACKERS HAVE A RELATIVELY EASY TIME PENETRATING THE PERIMETER OF A NETWORK EVEN WITH GOOD ACCESS CONTROLS.
DURING THE ATTACK:
WHEN ATTACKS GET THROUGH, WE NEED TO BE ABLE TO DETECT THEM
MUST HAVE THE BEST DETECTION OF THREATS THAT YOU CAN GET
ONCE WE DETECT ATTACKS, WE CAN BLOCK THEM AND DEFEND THE ENVIRONMENT
AFTER THE ATTACK:
INVARIABLY ATTACKS WILL BE SUCCESSFUL, AND CUSTOMERS NEED TO BE ABLE TO DETERMINE THE SCOPE OF THE DAMAGE, CONTAIN THE EVENT, REMEDIATE, AND BRING OPERATIONS BACK TO NORMAL
ALSO NEED TO ADDRESS A BROAD RANGE OF ATTACK VECTORS, WITH SOLUTIONS THAT OPERATE EVERYWHERE THE THREAT CAN MANIFEST ITSELF – ON THE NETWORK, ENDPOINT, MOBILE DEVICES, VIRTUAL AND CLOUD ENVIRONMENTS.
IN THE NEW SECURITY MODEL YOUR SECURITY SOLUTIONS CAN’T BE EFFECTIVE AT A POINT IN TIME, BUT THEY MUST BE ALWAYS ON, LISTENING, LOOKING FOR CHANGE…IN OTHER WORDS…CONTINUOUS IN THEIR CAPABILITY.
Cisco Web Security offers a plethora of features to suit your business needs.
Let’s start with a high level view of what both CWS and WSA offer together:
• Big data analytics and collective global security intelligence
• Reputation filtering
• Real-time malware scanning
• Web usage controls
• Application visibility and control (AVC)
• Data loss prevention (DLP)
• Threat protection and remediation
• Flexible deployment options
When deciding either/or, the most basic differentiation between the two offerings is this question:
Does the customer prefer Cloud or Appliance?
Cisco Cloud Web Security is the cloud delivered solution that is ideal for a highly distributed organization. CWS data centers around the world act as proxies for web requests, which works well for geographically distributed organizations.
Cisco Web Security Appliance is an ideal solution for an organization with a centralized user population.
Besides the inherent differences between a cloud and on-premises offering, the following is a comprehensive, though not exhaustive, list of some of the detailed differences between CWS and WSA.
Following the visual on the slide, we can start with Outbreak Intelligence. CWS has Outbreak Intelligence, which is contextual based malware detection. CWS always uses 2 signature-based AV engines: Sophos and Kaspersky. All files get scanned by both AVs as well as by Outbreak Intelligence (heuristics based), and if any of these engines detects the file as malicious it will be blocked. WSA does not use Outbreak Intelligence, but the L4 traffic monitoring engine can detect malicious activity without the need of signatures. WSA uses 3 signature-based engines and the admin can decide which of the 3 to use (any combination): Webroot, McAfee, and Sophos.
Keeping with the visual on the slide, WSA has layer 4 scanning abilities while CWS does not. Because WSA is an on-premise device it can be used to monitor “level 4” network activity, i.e. not limited only to HTTP and HTTPS traffic. This means that other threats or undesirable traffic coming in and out of the network to/from the internet can be detected. As only HTTP and HTTPS traffic gets sent to CWS in the cloud, it does not have this or an equivalent capability. However, CTA on CWS also helps with that (see below).
CWS has CTA for advanced, cloud powered zero day breach detection while WSA doesn’t. CTA is roadmapped for WSA in Q1 FY16.
What is not on the slide is that WSA has caching, which provides a better customer experience – this is functional with CWS when deploying via the WSA as a redirection method. Furthermore, WSA offers time & bandwidth quotas, which are only available on CWS with standalone deployment. WSA also has IPv6 support, which is roadmapped for CWS.
Going back to the visual, you can see here that WSA has stronger DLP options than CWS. Only ICAP (Internet Content Adaptation Protocol) is relevant for the DLP on the WSA. It is used to send content to something else (a DLP system in this case) for checking before onward transmission. CWS only has OCSP, which is not DLP.
CWS is the only offering that provides split-tunnel functionality for remote users even when not deployed via VPN. To get this functionality the AnyConnect Secure Mobility client must be downloaded.
Looking at the AMP area on the infographic, both solutions have PDF, EXE and MSFT Office file support on AMP
Looking down at the Log Extraction area on the bottom right corner, both WSA and CWS can do log extraction. Considering WSA is an appliance which is local, log export or “extraction” is extremely straightforward. It’s not a WSA thing, but more of a hardware proxy thing. As the WSA is an on-premise device, it is much easier to export the logs from the device directly into another platform such as a SIEM and the export is a standard feature of the WSA. As the CWS logs are in the cloud it is necessary to “extract” them back to the customer’s network. Log extraction from WSA and CWS both integrate with SIEM and other tools.
Cisco Email security provides protection across the attack continuum.
Before an attack with Reputation Filtering,
During an attack with Signature, Antivirus and spam scanning; URL scanning; File reputation; and sandboxing
And after an attack with continuous retrospection – the ability to identify malicious malware that crossed the wire undetected.
To deliver protection in all phases and continuously monitor effectively, you need constant and dynamic support from the cloud.
There are multiple inputs that you’ll need to process to get the kind of intelligence and insight you need to deliver security effectively -- for both point-in-time and continuous monitoring capabilities.
Notice that the data cited in this slide looks familiar to what you’ll see from other vendors. But look at the scale of Cisco’s numbers. That kind of volume is how Cisco delivers such a high level of protection.
Processing 35% of the world’s email traffic, being able to mine that data for insight into vendor relationships, run reputation against it, with millions of sensors that feed us input. That’s the Cisco difference.
We combine that processing, data mining, and analytics with the intelligence provided by the Research Response every day. That intelligence includes relationships with all the big vendors – Microsoft, Adobe, and Apple. It includes nearly 200,000 unique files that are processed and executed virtually every single day, as we look for artifacts or indications of compromise.
There’s a global network of honeypots and much more. Cisco’s intelligence operation feeds its data and findings to our research team, which promotes the design of capabilities that only we can deliver because it’s based on continuous monitoring on a global scale.
It’s all delivered through our cloud platform, called Collective Security Intelligence, which allows you to take advantage of advanced analytics based on IPS rule, firewall category, and other information pushed out across the protection continuum.
…That is visibility-driven, threat-focused, with a platform-based approach. Pervasive, continuous and always-on.
At Cisco, our mission states our focus… Intelligent cybersecurity for the real world.
There are three components to the Hybrid offering: reporting, policy and Hybrid SKUs
So moving from left to right, we have…
Hybrid reporting is available today and provides a consolidated view of user activity across multiple WSAs and Cloud Web Security. This capability is enabled by the Web Security Reporting Application V4.0, which will be released this week, and we will cover more on reporting in a moment.
Next…
Hybrid policy, which provides a way in which a common malware and web filtering policy can be managed for the on-premises users and those utilising cloud web security. The common policy is achieved by importing a previously exported WSA policy into CWS. This is currently in development and targeted for availability in June.
Lastly, we have the hybrid SKU bundle, orderable today.
The Hybrid Bundle includes both WSA and CWS components and allows customers the flexibility to consume Cisco’s Web Security offerings in any way they want. The customer purchases a total number of users and can choose the mix of on-premises to cloud users that’s suitable for them. As they transition more users to the cloud they can also change the relative mix at any time. We will be covering this in more detail later but first, let’s take a closer look at hybrid reporting then common policy.
Now we move on to protection of mobile users.
One web security solution for all users and devices
How does it work?
The current offering is a Mobile browser that can be used to browse safely which is pushed onto the device through a corporate MDM solution.
Replaces the native browser
Basically, CWS works as a proxy. The model is:
User makes web request => request is re-directed to CWS proxy => request goes to internet or is blocked => if request is blocked, the user receives the access denied view shown above
CWS Mobile Browser will be shown as a browser on the mobile device, users will only be able to use it by going through the browser
The goal of the Cloud Web Security (CWS) Secure Browser is to provide a web browser on iOS and Android mobile devices that will forward the device user’s web traffic to the CWS cloud.
Why a mobile browser?
No existing CWS solution for iOS or Android roaming devices.
Biggest competitors have a similar component in their mobile security solution.
Together with customer’s MDM solution, enforce customer AUP on BYOD devices.
Another important element of Cisco Web Security is the Cisco Identity Services Engine, or ISE, which can be used to set policy with the WSA. For example, a doctor on a laptop in his office can access confidential patient records online. That same doctor using his iPad in his office cannot – but he does have access to browsing the internal employee intranet.
WIRe reporting provides over 10,000 report variations to meet your specific needs.
Detailed reporting dashboards offer high-level overviews of usage with multiple views for quick insight. They also provide visibility into policy blocks, malware blocks, and website activity from sites like Facebook.
Administrators and management want more visibility into threats. Specifically, they want to track messages with malicious links, including who clicked on the link and the results of their actions
End users who click on these links need education on email borne threats and these reports would help identify those users
URL Click Tracking allows administrators to track the end users who click on URLs that have been rewritten by the ESA
Reports show:
Top users who clicked on malicious URLs
The top malicious URLs clicked by end users
Date/time, rewrite reason, and action taken on the URLs
Starting with 10 billion requests a day, anomaly detection and trust modeling let you focus on the 1% of requests that actually matter.
<click>
Then, using event classification and entity modeling you can find out what type of threat it is, and where it is on your system.
Finally, using relationship modelling, you can understand if a threat is a one-off attack or part of a larger global campaign.
From 10 billion requests per day, down to 1-50 thousand incidents, CTA can comb through big data in near real-time.
This means you not only get the visibility you need, you get it when you need it.
T: Together, AMP and CTA help you determine the right course of action.
Graymail has become more of a problem, and both users and administrators are leery of clicking unsubscribe links, which may harvest addresses or lead to drive-by download malware on the target web site.
These aggressive marketing messages are not spam, but end users regard them as such because they didn’t “opt in” to receive them.
Administrators want to be able to better control this type of mail and allow safe unsubscribes for their end users.
End users wish to stop the tide of garbage coming into their inbox. The recipient wants a way to stop it without having to worry about malicious threats.
Graymail messages are categorized into Marketing, Social Networking, and Bulk messages.
Using an un-subscribe mechanism, the end user can indicate to the sender that they would like to “opt-out” of receiving such emails in the future.
Since mimicking an un-subscribe mechanism is a popular phishing technique, end users are wary of clicking on the unsubscribe links.
The Graymail solution will provide:
Protection against malicious threats masquerading as unsubscribe links
A uniform interface for all subscription management to end-users
Better visibility to the email administrators and end-users into such emails
When a snowshoe spammer uses a large number of IP addresses and domains, traditional spam filters are not effective. Enhanced contextual awareness can analyze the content of the email - looking at words, patterns, and photos - to identify it as snowshoe spam.
Once we identify an email as snowshoe spam, we can classify it and group others with similar characteristics using automation and auto-classification WITHOUT having to analyze the full email.
Talos receives security intelligence from millions of sensors and honey pots around the globe. This intelligence can be used to catch snowshoe spam.
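The snowshoe notes above contrast per-IP filtering with grouping messages by content. The following added example (not Cisco's or Talos's code or algorithm) illustrates that idea with a stand-in technique, Jaccard similarity over normalized word shingles; the sample messages, thresholds and function names are constructed assumptions.

```python
import re

# Constructed sample mail: (sending IP, sender domain, body). Not real traffic.
MESSAGES = [
    ("198.51.100.11", "deals-a.example", "Lose 10 lbs FAST!! Visit http://a.example/x1 today"),
    ("198.51.100.57", "deals-b.example", "lose 12 lbs fast! visit http://b.example/q9 today"),
    ("203.0.113.5",   "deals-c.example", "Lose 7 lbs fast - visit http://c.example/zz TODAY"),
    ("203.0.113.80",  "deals-d.example", "Lose 15 lbs fast. Visit http://d.example/k2 today!"),
    ("192.0.2.10",    "corp.example",    "Minutes from Tuesday's budget meeting are attached"),
    ("192.0.2.10",    "corp.example",    "Reminder: submit your timesheet by Friday"),
]

def shingles(body, k=3):
    """Normalize a body and return its set of k-word shingles."""
    text = body.lower()
    text = re.sub(r"https?://\S+", " url ", text)  # URLs differ per message
    text = re.sub(r"\d+", " num ", text)           # numbers differ per message
    words = re.findall(r"[a-z]+", text)
    return {" ".join(words[i:i + k]) for i in range(len(words) - k + 1)}

def jaccard(a, b):
    """Overlap of two shingle sets, 0.0 (disjoint) to 1.0 (identical)."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def find_campaigns(messages, threshold=0.6, min_ips=3):
    """Group near-duplicate bodies; report groups spread over many IPs.

    A per-IP volume rule sees one message per address here and stays
    silent; grouping by content exposes the shared campaign.
    """
    clusters = []
    for ip, domain, body in messages:
        sh = shingles(body)
        for c in clusters:
            if jaccard(sh, c["rep"]) >= threshold:
                break                      # joins an existing content group
        else:
            c = {"rep": sh, "ips": set(), "domains": set(), "count": 0}
            clusters.append(c)
        c["ips"].add(ip)
        c["domains"].add(domain)
        c["count"] += 1
    return [c for c in clusters if len(c["ips"]) >= min_ips]

if __name__ == "__main__":
    for c in find_campaigns(MESSAGES):
        print(c["count"], "messages from", len(c["ips"]), "IPs /",
              len(c["domains"]), "domains share one template")
```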
Unified Policy allows you to set policy for the cloud or the appliance all from the same place, saving precious administrative time and maintaining the same levels of protection across remote users as well as users in HQ. This is one-directional from CWS to WSA.
Web Usage Reporting provides full visibility into how Web resources are used. With over 10,000 customizable reports that can convey over 100 different attributes for each request, you can ensure that business-critical applications are not being affected by non-business-related traffic. You can see traffic by user or by application with customizable reportlets and dashboards for easy visualization. Furthermore, you can see reports for your cloud and application users from the same screen with the Web Security Reporting Application. This is one-directional from the WSA to CWS.
ZixGateway with Cisco Technology, ZCT, is an email encryption appliance that delivers simple, secure management of email encryption services. Deployed completely on-premises, ZCT works in conjunction with your Cisco Email Security Appliance (ESA). Automation offers peace of mind for businesses and a simplified experience for employees, who no longer have to worry about making the right decision or taking the right steps to encrypt each email. More than 70 percent of emails using ZCT technology are sent and received transparently. ZCT also provides an optimal mobile experience for both senders and recipients.
The platform is built on Cisco’s Unified Computing System (or UCS) server platforms. This means you are getting all the web and email security performance you need from the single provider you trust the most: Cisco.
There are three main platform sizes for the x90 to fit your needs. The 190 for smaller groups of users and then the 390 and the 690 for increasing amounts of capacity that can serve larger groups of users.
The x90 platform involves three specific performance increases. First, the hardware maintains a high level of responsiveness and speed while providing you the best features and functionality. This is possible through increased Central Processing Unit cores (or CPU). We are also providing increased memory and raw disk storage capacity. This means that you can store your web and email security data for a longer period of time, allowing you better access to your data for reporting.
With this hardware launch, the 190 provides large performance benefits. The CPU core count has tripled and there is now 1.2 TB of raw hard disk space available.
Even with the performance increases for the x390, the box itself takes up a smaller amount of space. Now, you have a high-performing solution that fits within your space constraints.
For the larger groups of users, we are introducing an entirely new offering with even more storage and capacity. The 690x provides 4.8TB of storage on the Email Security Appliance, and 9.6TB on the Web Security and Security Management Appliances.
Before we end, I encourage you to visit Cisco.com/go/websecurity to learn more about the solution and how it can improve web security at your organization.
While you’re there, you can see how we’re updating and adapting the solution every day to better serve customer security needs.
Last, contact us to set up a free trial created especially for your company needs and challenges.
Cisco.com/go/websecurity
http://www.cisco.com/c/en/us/products/security/web-security-appliance/web-email-security.html
https://info.sourcefire.com/ContentSecurityOfferPage.html
use the instant eval form for CWS: https://instanteval.cws.sco.cisco.com/provisioning/index#/