Targeted Threat Defense
for Hosted Applications
Dave Jones
davej@cisco.com
June, 2015
2© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Why are we here?
Why am I here?
Why are we here?
Was looking like this:
Ask Dave
5% of SysAdmin accounts or their laptops may be compromised at any moment
http://www.securityweek.com/research-finds-1-percent-online-ads-malicious
1% of 600K ad sites surveyed are hosting malware
Top 10 varieties of threat actions over time
Source: 2014 Verizon Data Breach Investigation Report
By the numbers
Source: Verizon 2015 DBIR
Source: Verizon 2015 DBIR
99.9%
OF THE EXPLOITED VULNERABILITIES WERE COMPROMISED
MORE THAN A YEAR AFTER THE CVE WAS PUBLISHED
Source: Verizon 2015 DBIR
Nation State Run Book
DataCenter Infestation & Lateral Movement
1.  User desktop infected; WCE or Mimikatz is started
2.  Privileged user or Application logs in - WCE hijacks credentials
3.  Rootkit remotely installed on server in datacenter
4.  Super user performs task on datacenter server, malware hijacks credentials
5.  Malware spreads throughout datacenter
Malware details
•  Targeting older software (Flash, Word, Acrobat Reader, Java)
•  Malware customized to avoid AV signatures
•  The higher they get, the more unique the malware
DataCenter Infestation - Remediation
1.  Super user logs in with SmartCard and has scoped access to other hosts
2.  Malware not propagated throughout data center
3.  Prevent privileged user or Application from logging into desktop.
4.  Privileged user instead logs into administrator station.
5.  Malware is not spread to data center
6.  Upgrade Applications and Operating System baseline and Train Users
7.  Initial attack fails
Controls
Secure Administration Controls
[Diagram labels: Administration End point; Security Control Point; Production Resources]
Monitoring and Detection
•  Sandbox Detonation
•  pDNS
•  NetFlow
•  Host-based IPS/IDS on low-value computers
•  Windows Event Logs
•  Log all of these to the same place so they can be correlated
Control Use Cases
Blocking Lateral movement
Scoped Access with GPOs
Security Configuration Management
With Windows Event Logs and AppLocker
•  Registry keys created or modified
•  Services running where file is outside of system32
•  Executable executed
•  Accounts trying to log into hosts that they are not authorized to log into
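The four checks on this slide, combined with the "log all of these to the same place so they can be correlated" point from the Monitoring and Detection slide, as an added example that is not part of the original deck. The event IDs are the standard Windows and AppLocker ones; the account names, hostnames, scoped-access policy and registry watch list are assumptions, and the sample events are constructed.

```python
import ntpath
from collections import defaultdict

# Assumed scoped-access policy (hypothetical accounts and hosts):
# privileged account -> the only hosts it is authorized to log into.
SCOPED_ACCESS = {
    "adm-db": {"DB01", "DB02"},
    "adm-web": {"WEB01"},
}
# Assumed watch list of registry keys (an autostart location), lower-cased.
WATCHED_KEYS = (r"\registry\machine\software\microsoft\windows\currentversion\run",)
SYSTEM32 = "c:\\windows\\system32\\"


def service_binary(image_path):
    """Reduce a service ImagePath to a normalized, lower-cased executable path."""
    p = image_path.strip().lower()
    if p.startswith('"'):                      # quoted path followed by arguments
        p = p[1:].split('"', 1)[0]
    elif ".exe" in p:                          # unquoted path followed by arguments
        p = p[: p.index(".exe") + 4]
    p = p.replace("%systemroot%", "c:\\windows").replace("%windir%", "c:\\windows")
    if p.startswith("\\systemroot\\"):         # kernel-style prefix used by drivers
        p = "c:\\windows\\" + p[len("\\systemroot\\"):]
    return ntpath.normpath(p)                  # collapses ..\ so traversal cannot hide


def check(event):
    """Return an alert name for one event, or None if it matches no check."""
    eid = event["EventID"]
    if eid == 7045:                            # System log: a service was installed
        if not service_binary(event["ImagePath"]).startswith(SYSTEM32):
            return "service_outside_system32"
    elif eid in (4624, 4625):                  # Security log: logon success / failure
        allowed = SCOPED_ACCESS.get(event["TargetUserName"].lower())
        if allowed is not None and event["Computer"].upper() not in allowed:
            return "logon_outside_scope"
    elif eid == 4657:                          # Security log: registry value modified
        if event["ObjectName"].lower().startswith(WATCHED_KEYS):
            return "watched_registry_key_modified"
    elif eid in (8003, 8004):                  # AppLocker: would-block (audit) / blocked
        return "applocker_denied_executable"
    return None


def correlate(events):
    """Group alerts per host; hosts with more distinct alert kinds sort first."""
    per_host = defaultdict(set)
    for ev in events:
        alert = check(ev)
        if alert:
            per_host[ev["Computer"].upper()].add(alert)
    return sorted(((host, sorted(alerts)) for host, alerts in per_host.items()),
                  key=lambda item: (-len(item[1]), item[0]))


# Constructed sample events (simplified dicts, not real log data).
SAMPLE_EVENTS = [
    {"EventID": 7045, "Computer": "DB01",
     "ImagePath": r"%SystemRoot%\system32\svchost.exe -k netsvcs"},
    {"EventID": 4624, "Computer": "DB01", "TargetUserName": "adm-db"},
    {"EventID": 4624, "Computer": "DESKTOP-17", "TargetUserName": "ADM-DB"},
    {"EventID": 8004, "Computer": "DESKTOP-17",
     "FilePath": r"%OSDRIVE%\USERS\JDOE\APPDATA\LOCAL\TEMP\W.EXE"},
    {"EventID": 7045, "Computer": "WEB01",
     "ImagePath": r"C:\Windows\System32\..\Temp\psx.exe"},
    {"EventID": 4625, "Computer": "WEB01", "TargetUserName": "adm-db"},
    {"EventID": 4657, "Computer": "WEB01",
     "ObjectName": r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},
    {"EventID": 4624, "Computer": "WEB01", "TargetUserName": "jdoe"},
]

if __name__ == "__main__":
    for host, alerts in correlate(SAMPLE_EVENTS):
        print(host, alerts)
```

Accounts absent from the policy (here `jdoe`) are treated as unprivileged and ignored by the logon check; a host that trips several distinct checks is the one to triage first.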
Network device product management
[Diagram labels: Only allow SSH from SCP; Programmatic Interface]
MDM product management suite
Client and Management Traffic over HTTPS
[Diagram labels: ClientApp; Admin UI; App; Replication]
Virtual Machine hosting product(s)
[Diagram labels: UCS; VMWare or OpenStack/KVM; Tenant1, Tenant2, Tenant3, TenantX; CSG Common Identity or DSX; Commodity dual; Internal Admin Token; ACLs Blocking Admin Ports; SCP; Web Server Plugin; Infra; Admin; Internal; Tenant; Partner; Authentication Mechanism]
Mail Server product management
[Diagram labels: Only allow SSH from SCP; BSDi Mail Appliances; Appliance; Mail Servers; Only allow PowerShell from Prov Box; Linux SCP]
Application to Application
Simple Application Credential Management
[Diagram labels: Application 1; Application B; Logged Sudo Access to Credential]
Remove the Credential From the Application
[Diagram labels: Get Creds; Application 1; Application B]
App to App - Target
[Diagram labels: OAuth Token request flow; Application 1; Application B; TLS Encrypted Tunnel; Machine Certificate (on each side); User JanDoe; Delegated JanDoe; Encrypted Storage]
Certificate Storage
• HSM
• TPM
• USB
• Files….
Best Practice - pxGrid
Certificates
pxGrid Example
Cisco Platform Exchange Grid – pxGrid
Network-Wide Context Sharing
That Didn’t Work
So Well!
pxGrid Context Sharing
Single Framework
Direct, Secured Interfaces
I have NBAR info!
I need identity…
I have firewall logs!
I need identity…
SIO
I have sec events!
I need reputation…
I have NetFlow!
I need entitlement…
I have reputation info!
I need threat data…
I have MDM info!
I need location…
I have app inventory info!
I need posture…
I have identity & device-type!
I need app inventory & vulnerability…
I have application info!
I need location & auth-group…
I have threat data!
I need reputation…
I have location!
I need identity…
BENEFITS of pxGrid, it can…
•  Establish that secure TLS tunnel for you
•  Be leveraged as your communications bus with XMPP, including discovery of services available
•  Verify Integrity of each endpoint communicating in the Grid
•  Be used without you writing *that* code
In Action
[Diagram labels: pxGrid; Radius; 1. 802.1X; User Session Publish; User, SGT, Device, Location, Auth; User Meta Data; User Group; ISE Server; Switch; Internet; FireSIGHT Management Center; Sensor]
pxGrid – More Information
•  Development SDK and client information: https://developer.cisco.com/site/pxgrid/
Best Practice - SDN
Security Monitoring on Demand
Solution: Topology Independent Investigation
Opportunity: Deliver a scalable, topology-independent, automated means of capturing traffic and delivering it into the appropriate incident response analysis tooling, addressing
•  East-West
•  Branch Split Tunnel
•  Inspection gap
The How: Controller Managed access layer Automated Targeted Copy and Transport to Investigation Service with Declarative Control
APIC-EM Solution:
•  Context Informed Targeting through ISE context plus network filter
•  Copy through ERSPAN
•  Topology Independence – Routable Encapsulation
•  Automation through Controller minimizing configuration risk
•  Declarative Control – ISE session awareness
APIC-DC Solution Concept:
•  Targeted - Applied to the endpoint(s) to be monitored, not the endpoint(s) EPG. Push XML to activate policy label for ‘this contract’ or ‘this graph’, etc.
•  Copy – introduce copy policy for full copy of requested traffic
•  Topology Independence - Insert a service to process the copied traffic
•  Automation through APIC-DC Controller dynamically adding investigation service in path or out of band
•  APIC-DC providing Declarative Control
[Diagram labels: fireSIGHT; ISE; Application; APIC-EM; SecOps; Internet; Lab; Intranet; SCP]
Source: Ken Beck
DEVNET-1190	Targeted Threat (APT) Defense for Hosted Applications

Building a WiFi Hotspot with NodeJS: Cisco Meraki - ExCap API
 
Application Visibility and Experience through Flexible Netflow
Application Visibility and Experience through Flexible NetflowApplication Visibility and Experience through Flexible Netflow
Application Visibility and Experience through Flexible Netflow
 
WAN Automation Engine API Deep Dive
WAN Automation Engine API Deep DiveWAN Automation Engine API Deep Dive
WAN Automation Engine API Deep Dive
 
Cisco's Open Device Programmability Strategy: Open Discussion
Cisco's Open Device Programmability Strategy: Open DiscussionCisco's Open Device Programmability Strategy: Open Discussion
Cisco's Open Device Programmability Strategy: Open Discussion
 
Open Device Programmability: Hands-on Intro to RESTCONF (and a bit of NETCONF)
Open Device Programmability: Hands-on Intro to RESTCONF (and a bit of NETCONF)Open Device Programmability: Hands-on Intro to RESTCONF (and a bit of NETCONF)
Open Device Programmability: Hands-on Intro to RESTCONF (and a bit of NETCONF)
 
NETCONF & YANG Enablement of Network Devices
NETCONF & YANG Enablement of Network DevicesNETCONF & YANG Enablement of Network Devices
NETCONF & YANG Enablement of Network Devices
 
UCS Management APIs A Technical Deep Dive
UCS Management APIs A Technical Deep DiveUCS Management APIs A Technical Deep Dive
UCS Management APIs A Technical Deep Dive
 
OpenStack Enabling DevOps
OpenStack Enabling DevOpsOpenStack Enabling DevOps
OpenStack Enabling DevOps
 
NetDevOps for the Network Dude: How to get started with API's, Ansible and Py...
NetDevOps for the Network Dude: How to get started with API's, Ansible and Py...NetDevOps for the Network Dude: How to get started with API's, Ansible and Py...
NetDevOps for the Network Dude: How to get started with API's, Ansible and Py...
 
Getting Started: Developing Tropo Applications
Getting Started: Developing Tropo ApplicationsGetting Started: Developing Tropo Applications
Getting Started: Developing Tropo Applications
 
Cisco Spark & Tropo API Workshop
Cisco Spark & Tropo API WorkshopCisco Spark & Tropo API Workshop
Cisco Spark & Tropo API Workshop
 
Coding 102 REST API Basics Using Spark
Coding 102 REST API Basics Using SparkCoding 102 REST API Basics Using Spark
Coding 102 REST API Basics Using Spark
 
Cisco APIs: An Interactive Assistant for the Web2Day Developer Conference
Cisco APIs: An Interactive Assistant for the Web2Day Developer ConferenceCisco APIs: An Interactive Assistant for the Web2Day Developer Conference
Cisco APIs: An Interactive Assistant for the Web2Day Developer Conference
 
DevNet Express - Spark & Tropo API - Lisbon May 2016
DevNet Express - Spark & Tropo API - Lisbon May 2016DevNet Express - Spark & Tropo API - Lisbon May 2016
DevNet Express - Spark & Tropo API - Lisbon May 2016
 
DevNet @TAG - Spark & Tropo APIs - Milan/Rome May 2016
DevNet @TAG - Spark & Tropo APIs - Milan/Rome May 2016DevNet @TAG - Spark & Tropo APIs - Milan/Rome May 2016
DevNet @TAG - Spark & Tropo APIs - Milan/Rome May 2016
 

Recently uploaded

Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
g2nightmarescribd
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 

Recently uploaded (20)

Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 

DEVNET-1190 Targeted Threat (APT) Defense for Hosted Applications

  • 1. Targeted Threat Defense for Hosted Applications. Dave Jones, davej@cisco.com, June, 2015
  • 2. Why we are here?
  • 3. Why am I here?
  • 4. Why are we here? Was looking like this:
  • 5. Ask Dave: 5% of SysAdmin accounts or their laptops may be compromised at any moment
  • 6. 1% of 600K Ad sites surveyed are hosting Malware (http://www.securityweek.com/research-finds-1-percent-online-ads-malicious)
  • 7. Top 10 varieties of threat actions over time. Source: 2014 Verizon Data Breach Investigation Report
  • 8. By the numbers. Source: Verizon 2015 DBIR
  • 9. Source: Verizon 2015 DBIR
  • 10. 99.9% of the exploited vulnerabilities were compromised more than a year after the CVE was published. Source: Verizon 2015 DBIR
  • 11. Nation State Run Book
  • 12. DataCenter Infestation & Lateral Movement
      1. User desktop infected, WCE or Mimikatz is started
      2. Privileged user or Application logs in - WCE hijacks credentials
      3. Rootkit remotely installed on server in datacenter
      4. Super user performs task on datacenter server, malware hijacks credentials
      5. Malware spreads throughout datacenter
      Malware details
      • Targeting older software (Flash, Word, Acrobat Reader, Java)
      • Malware customized to avoid AV signatures
      • Higher they get – the more unique the malware
  • 13. DataCenter Infestation - Remediation
      1. Super user logs in with SmartCard and has scoped access to other hosts
      2. Malware not propagated throughout data center
      3. Prevent privileged user or Application from logging into desktop.
      4. Privileged user instead logs into administrator station.
      5. Malware is not spread to data center
      6. Upgrade Applications and Operating System baseline and Train Users
      7. Initial attack fails
  • 14. Controls
  • 15. Secure Administration Controls [diagram labels: Security Control Point; Production Resources; Administration End point]
  • 16. Monitoring and Detection
      • Sandbox Detonation
      • pDNS
      • NetFlow
      • Host Based IP/DS on low value computers
      • Windows Event Logs
      • Log all of these to the same place so they can be correlated
  • 17. Control Use Cases
  • 18. Blocking Lateral Movement: Scoped Access with GPOs
  • 19. Security Configuration Management with Windows Event Logs and AppLocker
      • Registry keys created or modified
      • Services running where file is outside of system32
      • Executable executed
      • Accounts trying to log into hosts that they are not authorized to log into
  • 20. Network device product management [diagram labels: Only allow SSH from SCP; Programmatic Interface]
  • 21. MDM product management suite [diagram labels: Client and Management Traffic over HTTPS; ClientApp; Admin UI; App Replication]
  • 22. Virtual Machine hosting product(s) [diagram labels: UCS; VMWare or OpenStack/KVM; Tenant1, Tenant2, Tenant3, TenantX; CSG; Common Identity or DSX; Commodity dual Internal Admin Token; ACLs Blocking Admin Ports; SCP; Web Server Plugin; Infra Admin; Internal; Tenant; Partner; Authentication Mechanism]
  • 23. Mail Server product management [diagram labels: Only allow SSH from SCP; BSDi Mail Appliances; Appliance; Mail Servers; Only allow PowerShell from Prov Box; Linux SCP]
  • 24. Application to Application
  • 25. Simple Application Credential Management [diagram labels: Application 1; Application B; Logged Sudo Access to Credential]
  • 26. Remove the Credential From the Application [diagram labels: Get Creds; Application 1; Application B]
  • 27. App to App - Target OAuth Token request flow [diagram labels: Application 1; Application B; TLS Encrypted Tunnel; Machine Certificate; Machine Certificate; User JanDoe; Delegated JanDoe; Encrypted Storage]
  • 28. Certificate Storage
      • HSM
      • TPM
      • USB
      • Files….
  • 29. Best Practice - pxGrid
  • 30. Certificates: pxGrid Example
  • 31. Cisco Platform Exchange Grid – pxGrid: Network-Wide Context Sharing
      That Didn’t Work So Well!
      pxGrid Context Sharing: Single Framework; Direct, Secured Interfaces
      • I have NBAR info! I need identity…
      • I have firewall logs! I need identity…
      • SIO
      • I have sec events! I need reputation…
      • I have NetFlow! I need entitlement…
      • I have reputation info! I need threat data…
      • I have MDM info! I need location…
      • I have app inventory info! I need posture…
      • I have identity & device-type! I need app inventory & vulnerability…
      • I have application info! I need location & auth-group…
      • I have threat data! I need reputation…
      • I have location! I need identity…
      BENEFITS of pxGrid, it can…
      • Establish that secure TLS tunnel for you
      • Be leveraged as your communications bus with XMPP, including discovery of services available
      • Verify Integrity of each endpoint communicating in the Grid
      • Be used without you writing *that* code
  • 32. pxGrid In Action [diagram labels: Radius; 1. 802.1X; User Session; Publish; User; SGT; Device; Location; Auth; User Meta Data; User Group; ISE Server; Switch; Internet; FireSIGHT Management Center; Sensor; User Meta Data]
  • 33. pxGrid – More Information
      • Development SDK and client information: https://developer.cisco.com/site/pxgrid/
  • 34. Best Practice - SDN
  • 35. Security Monitoring on Demand. Solution: Topology Independent Investigation
      Opportunity: Deliver scalable, topology-independent, automated means of capturing traffic and delivering into the appropriate incident response analysis tooling addressing
      • East-West
      • Branch Split Tunnel
      • Inspection gap
      The How: Controller Managed access layer Automated Targeted Copy and Transport to Investigation Service with Declarative Control
      APIC-EM Solution:
      • Context Informed Targeting through ISE context plus network filter
      • Copy through ERSPAN
      • Topology Independence – Routable Encapsulation
      • Automation through Controller minimizing configuration risk
      • Declarative Control – ISE session awareness
      APIC-DC Solution Concept:
      • Targeted - Applied to the endpoint(s) wanting to monitor, not the endpoint(s) EPG. Push XML to activate policy label for ‘this contract’ or ‘this graph’, etc.
      • Copy – introduce copy policy for full copy of requested traffic
      • Topology Independence - Insert a service to process the copied traffic
      • Automation through APIC-DC Controller dynamically adding investigation service in path or out of band
      • APIC-DC providing Declarative Control
      [diagram labels: FireSIGHT; ISE; Application; APIC-EM; SecOps; Internet; Lab; Intranet; SCP]
      Source: Ken Beck SecOps
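
The four signals on slide 19, evaluated per event and then correlated per host as slide 16 recommends, in an added example that is not part of the deck. The event IDs are standard Windows ones (4657, 7045, 4624/4625, AppLocker 8003/8004); the flattened event dictionaries, host and account names, the scoped-access map and the C:\Windows install path are assumptions made for the illustration.

```python
import ntpath
import re
from collections import defaultdict

# Assumption: scoped-access map (account -> hosts it may log on to). Constructed values.
ALLOWED_LOGON = {"adm-jan": {"admin-station01"}, "svc-backup": {"bkp01"}}
WINDIR = r"c:\windows"  # Assumption: default Windows install path.

# Constructed sample events, already parsed into dicts by the log collector.
SAMPLE_EVENTS = [
    {"EventID": 4624, "Computer": "DB07", "TargetUserName": "adm-jan"},
    {"EventID": 7045, "Computer": "DB07", "ServiceName": "updsvc",
     "ImagePath": r'"C:\Windows\System32\..\Temp\updsvc.exe" -k'},
    {"EventID": 7045, "Computer": "WEB02", "ServiceName": "Spooler2",
     "ImagePath": r"%SystemRoot%\System32\spoolsv.exe"},
    {"EventID": 4657, "Computer": "DB07", "ObjectValueName": "updsvc",
     "ObjectName": r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},
    {"EventID": 8004, "Computer": "WEB02", "FilePath": r"%OSDRIVE%\USERS\PUBLIC\T.EXE"},
    {"EventID": 4624, "Computer": "admin-station01", "TargetUserName": "adm-jan"},
    {"EventID": 4625, "Computer": "WEB02", "TargetUserName": "svc-backup"},
]

def service_binary(image_path):
    """Return the normalised executable path from a 7045 ImagePath value."""
    p = image_path.strip()
    if p.startswith('"'):                      # quoted path, arguments follow
        p = p[1:].split('"', 1)[0]
    else:                                      # unquoted: cut after the binary name
        m = re.match(r"(.+?\.(?:exe|sys|dll))(?:\s|$)", p, re.I)
        p = m.group(1) if m else p
    p = re.sub(r"^(%systemroot%|\\systemroot)", lambda _: WINDIR, p.lower())
    return ntpath.normpath(p)                  # collapses "..\" path segments

def detect(ev):
    """Map one parsed event to a slide-19 signal name, or None."""
    eid = ev["EventID"]
    if eid == 4657:          # registry value modified; only logged for audited keys
        return "registry_modified"
    if eid == 7045:          # a service was installed
        if not service_binary(ev["ImagePath"]).startswith(WINDIR + "\\system32\\"):
            return "service_outside_system32"
    if eid in (8003, 8004):  # AppLocker EXE rule: audit-only hit / blocked
        return "applocker_exe"
    if eid in (4624, 4625):  # logon success / failure
        allowed = ALLOWED_LOGON.get(ev["TargetUserName"].lower())
        if allowed is not None and ev["Computer"].lower() not in allowed:
            return "out_of_scope_logon"
    return None

def correlate(events):
    """Group distinct signals per host, which a single log store makes possible."""
    by_host = defaultdict(set)
    for ev in events:
        sig = detect(ev)
        if sig:
            by_host[ev["Computer"].lower()].add(sig)
    return {host: sorted(sigs) for host, sigs in by_host.items()}

def hosts_to_triage(events, min_signals=2):
    """Hosts showing at least min_signals different signal types."""
    return sorted(h for h, s in correlate(events).items() if len(s) >= min_signals)

if __name__ == "__main__":
    for host, sigs in correlate(SAMPLE_EVENTS).items():
        print(host, sigs)
    print("triage first:", hosts_to_triage(SAMPLE_EVENTS, 3))
```

The service check normalises the path before comparing, so an ImagePath that starts under System32 and climbs out with `..` is still reported.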