
Page 1: Cisco Customer Education · 600+ Researchers 24 × 7 × 365 Operations. Research Response Threat Intelligence • Monitors 35% of the world’s email traffic • Receives 1.1 million

Cisco Customer Education Hackers, Botnets and Malware - Oh My!

Battle 21st Century Threats with Cisco Next-Gen Security

This session was recorded via Cisco WebEx! You can watch the live session recording via the following URL:

https://acecloud.webex.com/acecloud/lsr.php?RCID=9e08229bfa2b47b1a1f14a196b772b9e

Thanks for your interest and participation!

Page 2

Cisco Customer Education Hackers, Botnets and Malware - Oh My!

Battle 21st Century Threats with Cisco Next-Gen Security

Connect using the audio conference box or you can call into the meeting:

1. Toll-Free: (866) 432-9903

2. Enter Meeting ID: 201 331 482 and your attendee ID number.

3. Press “1” to join the conference.

Page 3

Presentation Agenda

► Welcome from Cisco

► Security in the 21st Century

► There’s Big Money in Hacking

► Introducing Cisco Security

► Conclusion

About Your Host

Brian Avery, Territory Business Manager, Cisco Systems, Inc.

[email protected]

Page 4

Cisco Confidential 4 © 2013-2014 Cisco and/or its affiliates. All rights reserved.

Who Is Cisco?

Page 5

1984

Computer scientists Len Bosack and Sandy Lerner found Cisco Systems.

Bosack and Lerner run network cables between two different buildings on the Stanford University campus.

A technology has to be invented to deal with disparate local area protocols; the multi-protocol router is born.

Page 6

Who Is Cisco?

Chuck Robbins, CEO, Cisco

• Dow Jones Industrial Average Fortune 100 Company

• $145B Market Capitalization

• $48B in Revenue

• $8B in Annual Profits

• $33B More Cash than Debt

• $5.9B in Research and Development

http://finance.yahoo.com/q/ks?s=CSCO+Key+Statistics

Page 7

Market Leadership Matters (Q1CY14)

No. 1 Voice 39%

No. 1 TelePresence 43%

No. 1 Web Conferencing 41%

No. 1 Wireless LAN 50%

No. 2 x86 Blade Servers 27%

No. 1 Routing Edge/Core/Access 45%

No. 1 Security 33%

No. 1 Switching Modular/Fixed 64%

No. 1 Storage Area Networks 47%

Page 8

What Is the Cisco Customer Education Series?

§ CCE is an educational session for current and prospective Cisco customers

§ Designed to help you understand the capabilities and business benefits of Cisco technologies

§ Allow you to interact directly with Cisco subject matter experts and ask questions

§ Offer assistance if you need/want more information, demonstrations, etc.

Page 9

Cisco Confidential 9 C97-731719-02 © 2014 Cisco and/or its affiliates. All rights reserved.

Security in the 21st Century

Page 10

Remember This Movie?

http://www.imdb.com/title/tt0086567/

Page 11

Setec Astronomy!

http://www.imdb.com/title/tt0105435/

Page 12

There’s Big Money in Hacking

Page 13

The Industrialization of Hacking

Timeline 1990 to 2020+: Phishing, Low Sophistication; Hacking Becomes an Industry; Sophisticated Attacks, Complex Landscape

Viruses 1990–2000

Worms 2000–2005

Spyware and Rootkits 2005–Today

APTs, Cyberware Today+

Page 14

http://www.popsci.com/dark-web-revealed

Page 15

The Problem is “The Easy Button”

Total Breaches in 2014: 783

Records Exposed: 85,611,528

Individual breaches called out on the slide (records exposed): 1,000,000; 70,000,000; 56,000,000; 2,600,000; 1,100,000

As of 12/31/2014. Source: http://www.idtheftcenter.org/images/breach/DataBreachReports_2014.pdf

Page 16

Attack Vectors

§ Virus

§ Trojan

§ Worm

§ Phishing

§ Social Engineering

§ Malware

§ Spyware

§ Botnets

§ Hacking

§ Malicious Web Sites

§ OS Vulnerabilities

§ So much more…

Page 17

But… I am just a small fish in a BIG pond.

Page 18

Yet organizations of every size are targets

Adversaries are attacking you by targeting your organization’s:

Customer data

Intellectual property

Company secrets

And using you to attack your enterprise customers and partners.

60% of UK small businesses were compromised in 2014 (2014 Information Security Breaches Survey)

100% of corporate networks examined had malicious traffic (Cisco 2014 Annual Security Report)

41% of targeted attacks are against organizations with fewer than 500 employees (July 2014, The National Cyber Security Alliance (NCSA))

Page 19

Multiple Point Solutions

Traditionally your security options have been limited

Difficult integrations leave security gaps

Costly & time-consuming setup and support

Unified Threat Management

(UTM)

Stateful Firewall

VPN

Malware Analysis

Limited threat effectiveness

Page 20

Dynamic Threat Landscape

It is a community that hides in plain sight, avoids detection, and attacks swiftly

60% of data is stolen in hours

54% of breaches remain undiscovered for months

100% of companies connect to domains that host malicious files or services

Page 21

If you knew you were going to be compromised, would you do security differently?

Page 22

The Question Is No Longer if Malware Will Get Into Your Network

It’s How Quickly You Can Detect the Infection, Understand Scope, and Remediate the Problem

Where do I start?

How bad is the situation?

What systems were affected?

What did the threat do?

How do we recover?

How do we keep it from happening again?

Incident workflow shown on the slide:

Confirm Infection: Search Network Traffic, Search Device Logs, Scan Devices, Define Rules (from profile). Outcome: Infection Identified, Cannot Identify Infection, or No Infection

Analyze Malware: Build Test Bed, Static & Dynamic Analysis, Device Analysis, Network Analysis. Output: Malware Profile

Malware Proliferation: Proliferation Analysis, Notification, Quarantine, Triage

Remediate: Stop, Search for Re-infection, Update Profile, Confirm

Page 23

Introducing Cisco Security

Page 24

Defending Against These Advanced Threats Requires Greater Visibility and Control Across the Full Attack Continuum

Attack Continuum

Before: Discover, Enforce, Harden

During: Detect, Block, Defend

After: Scope, Contain, Remediate

Control points: Network, Endpoint, Mobile, Virtual, Cloud, Email & Web

Point in Time vs. Continuous

Page 25

Defending Against These Advanced Threats Requires Greater Visibility and Control Across the Full Attack Continuum

Attack Continuum

Before: Discover, Enforce, Harden

During: Detect, Block, Defend

After: Scope, Contain, Remediate

Cisco portfolio mapped across the continuum: FireSIGHT and pxGrid; ASA; VPN; NGFW; Meraki; Secure Access + Identity Services; Network as Enforcer; NGIPS; ESA/WSA; CWS; Advanced Malware Protection; ThreatGRID

Page 26

Talos

Stay protected against the latest threats with regular updates pushed automatically

Identify advanced threats quickly with industry-leading threat research

Get industry-specific threat intelligence tailored to your business

Catch advanced threats endpoints miss with Cisco’s reverse engineers and threat analysts

Deploy the smartest threat defense available

Telemetry sources: Email, Endpoints, Web, Networks, NGIPS, Devices

600+ Researchers, 24 × 7 × 365 Operations

Research, Response, Threat Intelligence

• Monitors 35% of the world’s email traffic

• Receives 1.1 million incoming malware samples daily

• Performs 4.9 billion AV and web filtering blocks per month

• Processes 100 terabytes of security intelligence daily

Page 27

Advanced Malware Protection

Page 28

AMP Delivers Integrated…

Additional Point-in-Time Protection: File Reputation and Sandboxing

Retrospective Security: Continuous Analysis

Page 29

AMP Strengthens the First Line of Detection

Reputation Filtering and File Sandboxing

All detection is less than 100%

Dynamic Analysis

Machine Learning

Fuzzy Fingerprinting

Advanced Analytics

One-to-One Signature

Page 30

With Real-Time Malware Scanning: Dynamic Vectoring and Streaming

► Optimizes efficiency and catch rate with intelligent multi-scanning

► Enhances coverage with multiple signature scanning engines

► Identifies encrypted malicious traffic by decrypting and scanning SSL traffic

► Improves user experience with parallel scanning for fastest analysis

► Provides the latest coverage with automated updates

Signature Inspection: Identify Known Behaviors

Heuristics Detection: Identify Unusual Behaviors

Anti-Malware Scanning: Multiple Anti-malware Scanning Engines; Parallel Scans, Stream Scanning; Signature and Heuristic Analysis

Page 31

AMP Provides Contextual Awareness and Visibility That Allows You to Take Control of an Attack Before It Causes Damage

What: These applications are affected

Where: The breach affected these areas

When: This is the scope of exposure over time

How: Here is the origin and progression of the threat

Who: Focus on these users first

Page 32

And Continues to Analyze What Happens Along the Attack Continuum

Breadth and Control points: Web, Endpoints, Network, Email, Devices, IPS

Telemetry Stream: File Fingerprint and Metadata; Process Information; File and Network I/O

Continuous feed, Continuous analysis

Talos + Threat Grid Intelligence

Trajectory

Behavioral Indications of Compromise

Threat Hunting

Retrospective Detection
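The slide contrasts point-in-time verdicts with a continuous telemetry stream that a later verdict is applied to. The following is an added example, not Cisco AMP code: a small engine that records every file sighting and, when a hash later turns malicious, produces retrospective alerts, the file's trajectory and the set of hosts to contain. All hosts, hashes, process names and times are constructed.

```python
"""Retrospective (continuous) file analysis, as a constructed model.

Added example, not Cisco AMP code: it models the slide's point that every
file sighting is recorded as a telemetry stream, so a later verdict from the
intelligence feed is applied to the file's whole history (trajectory) instead
of only to the next time it is seen. Hosts, hashes and times are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Sighting:
    host: str
    sha256: str
    parent: str          # process that introduced the file (constructed)
    seen_at: datetime


@dataclass
class RetrospectiveEngine:
    # sha256 -> "clean" | "malicious" | "unknown"
    dispositions: dict = field(default_factory=dict)
    # sha256 -> every sighting, kept so a later verdict can be applied backwards
    sightings: defaultdict = field(default_factory=lambda: defaultdict(list))
    # audit trail of (at, host, sha256, verdict, kind)
    verdict_log: list = field(default_factory=list)

    def observe(self, s: Sighting) -> str:
        """Point-in-time check: record the sighting and return the verdict known now."""
        self.sightings[s.sha256].append(s)
        verdict = self.dispositions.get(s.sha256, "unknown")
        self.verdict_log.append((s.seen_at, s.host, s.sha256, verdict, "point-in-time"))
        return verdict

    def update_disposition(self, sha256: str, verdict: str, at: datetime) -> list:
        """Continuous analysis: apply a later verdict to every past sighting.

        Returns the sightings that were allowed earlier under a weaker verdict and
        now need a retrospective alert (empty unless the file has just turned malicious).
        """
        previous = self.dispositions.get(sha256, "unknown")
        self.dispositions[sha256] = verdict
        if verdict != "malicious" or previous == "malicious":
            return []
        affected = sorted(self.sightings[sha256], key=lambda s: s.seen_at)
        for s in affected:
            self.verdict_log.append((at, s.host, sha256, verdict, "retrospective"))
        return affected

    def trajectory(self, sha256: str) -> list:
        """Origin and spread of a file: (time, host, parent) in chronological order."""
        return [(s.seen_at.isoformat(), s.host, s.parent)
                for s in sorted(self.sightings[sha256], key=lambda s: s.seen_at)]

    def hosts_to_contain(self, sha256: str) -> set:
        """Scope for containment: every host that has ever seen a now-malicious file."""
        if self.dispositions.get(sha256) != "malicious":
            return set()
        return {s.host for s in self.sightings[sha256]}


# Constructed values: not a real hash, not real hosts.
SAMPLE_SHA256 = "c0ffee00" * 8
T0 = datetime(2014, 12, 1, 9, 0)


def run_scenario() -> RetrospectiveEngine:
    """A file arrives by mail, spreads to two more hosts, and only later turns malicious."""
    eng = RetrospectiveEngine()
    eng.observe(Sighting("host-a", SAMPLE_SHA256, "outlook.exe", T0))
    eng.observe(Sighting("host-b", SAMPLE_SHA256, "explorer.exe", T0 + timedelta(hours=1)))
    eng.observe(Sighting("host-c", SAMPLE_SHA256, "explorer.exe", T0 + timedelta(hours=2)))
    # All three checks returned "unknown", so point-in-time protection let the file run.
    # Five hours later the sandbox verdict arrives and is applied backwards in time.
    eng.update_disposition(SAMPLE_SHA256, "malicious", T0 + timedelta(hours=5))
    return eng


if __name__ == "__main__":
    e = run_scenario()
    print("retrospective alerts:", [v for v in e.verdict_log if v[4] == "retrospective"])
    print("contain:", sorted(e.hosts_to_contain(SAMPLE_SHA256)))
    print("trajectory:", e.trajectory(SAMPLE_SHA256))
```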

Page 33

And the Power to Surgically Contain and Remediate

Page 34

There Are Several Ways You Can Deploy AMP

Advanced Malware Protection Deployment Options

Email and Web; AMP on Cisco® ASA; CWS

Method: License with ESA, WSA, CWS, or ASA customers

Ideal for: New or existing Cisco CWS, Email/Web Security, ASA customers

Details: ESA/WSA: Prime visibility into email/web; CWS: web and advanced malware protection in a cloud-delivered service; AMP capabilities on ASA with FirePOWER Services

AMP for Networks (AMP on FirePOWER Network Appliance)

Method: Snap into your network

Ideal for: IPS/NGFW customers

Details: Wide visibility inside network; Broad selection of features before, during, and after an attack; Comprehensive threat protection and response

AMP for Endpoints

Method: Install lightweight connector on endpoints

Ideal for: Windows, Mac, Android, virtual machines (PC/Mac, Mobile, Virtual)

Details: Granular visibility and control; Widest selection of AMP features

AMP Private Cloud Virtual Appliance

Method: On-premises Virtual Appliance

Ideal for: High-Privacy Environments

Details: Private Cloud option for those with high-privacy requirements; For endpoints and networks

Page 35

Cisco Web Security

Page 36

Web Security Is More Important Than Ever Before

The web is a popular attack vector for criminals

Without proper control, your own users can put your business at risk

Increased cloud adoption creates greater vulnerabilities

Page 37

Money, Jobs, and Company Reputations Are on the Line

Compromise of the business

Breach of trust

Breach of security

Heartbleed, String of Pearls, Shellshock, Zeus

Page 38

Cisco Web Security Delivers…

Comprehensive Defense: Defend and control with best-in-class, cloud-delivered web security

Advanced Threat Protection: Protect against advanced threats with adaptive web security

Superior Flexibility: Deploy, manage, and scale easily to fit your business

Page 39

It Starts with Usage Controls and an Active Defense

Comprehensive Defense: Web Usage Control

Web Filtering: Block over 50 million known malicious sites

Web Reputation: Restrict access to sites based on assigned reputation score

Dynamic Content Analysis: Categorize webpage content and block sites automatically

Web Usage Reporting: Gain greater visibility into how web resources are used

Roaming Laptop-User Protection: Extend security beyond the network to include mobile users

Application Visibility and Control: Regulate access to individual website components and apps

Outbreak Intelligence: Identify unknown malware and zero-hour outbreaks in real time

Centralized Cloud Management: Enforce policies from a single, centralized location

Page 40

And Combats Evolving Threats and Advanced Malware

Advanced Threat Protection: Cisco® Advanced Malware Protection (AMP)

File Reputation: Increase the accuracy of threat detection by examining every aspect of a file

File Sandboxing: Determine the malicious intent of a file before it enters the network

File Retrospection: Identify a breach faster by tracking a file’s disposition over time

Page 41

The Solution Works with Your Evolving Business Model

Superior Flexibility

Multiple Traffic Redirection Methods: Connect Cisco® CWS to your current infrastructure via ASA / ASAv, Standalone WSA / WSAv, ISR G2, or AnyConnect®

True Security as a Service: Manage CapEx and OpEx as your business grows

Page 42

Cisco Web Security with AMP Built on Talos: Superior Security Intelligence

1.6 million global sensors

100 TB of data received per day

150 million+ deployed endpoints

600+ engineers, technicians, and researchers

35% worldwide email traffic

13 billion web requests

24-hour daily operations

40+ languages

Intelligence sources: 180,000+ file samples per day; FireAMP™ community; Advanced Microsoft and industry disclosures; Snort and ClamAV open source communities; Honeypots; Sourcefire AEGIS™ program; Private and public threat feeds; Dynamic analysis

Cisco® SIO and the Sourcefire® Vulnerability Research Team (VRT): Cisco Talos

Telemetry: Email, Endpoints, Web, Networks, IPS, Devices

Enforcement point: WSA or CWS

Page 43

Reputation Analysis: The Power of Real-Time Context

Context dimensions: Who, How, Where, When

Signals shown: Suspicious Domain Owner; Server in High Risk Location; Dynamic IP Address; Domain Registered < 1 Min; Domain Registered < 1 Month; Domain Registered > 2 Year; Web Server < 1 Month; HTTP, SSL, HTTPS

Sample values on the slide: 192.1.0.68, 17.0.2.12, example.com, Example.org, Beijing, London, San Jose, Kiev

IP Reputation Score: -10 to 10
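The slide shows the kinds of context (who, how, where, when) that feed a -10 to +10 reputation score but not how they combine. The following is an added example, not Cisco's SIO/Talos scoring: each signal named on the slide contributes a signed weight, the sum is clamped to the slide's range, and a threshold maps it to block, scan or allow. The weights, thresholds, actions and sample sites are assumptions.

```python
"""Context-based reputation scoring, as a constructed illustration.

Added example, not Cisco's SIO/Talos scoring: the slide lists the kinds of
context behind a -10..+10 reputation score (who owns the domain, where the
server is, when the domain and server appeared, how the site is reached).
The weights, thresholds and actions below are assumptions chosen to show how
independent weak signals combine into one decision; the sample sites are
constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class WebContext:
    domain: str
    domain_registered: datetime     # "when": registration time of the domain
    server_first_seen: datetime     # "when": first sighting of the web server
    dynamic_ip: bool                # "where": served from a dynamic address pool
    high_risk_location: bool        # "where": hosted in a high-risk region
    suspicious_owner: bool          # "who": registrant linked to abuse
    scheme: str                     # "how": http / https, kept for context only
    observed_at: datetime           # time of the request being scored


def reputation_score(ctx: WebContext) -> int:
    """Combine the context signals into a clamped score from -10 (worst) to +10 (best)."""
    score = 0
    domain_age = ctx.observed_at - ctx.domain_registered
    server_age = ctx.observed_at - ctx.server_first_seen
    # "when": a domain registered moments ago is the strongest single signal;
    # a long-lived one earns some trust (assumed weights)
    if domain_age < timedelta(minutes=1):
        score -= 5
    elif domain_age < timedelta(days=30):
        score -= 3
    elif domain_age > timedelta(days=730):
        score += 4
    if server_age < timedelta(days=30):
        score -= 2
    # "where"
    if ctx.dynamic_ip:
        score -= 2
    if ctx.high_risk_location:
        score -= 2
    # "who"
    if ctx.suspicious_owner:
        score -= 3
    # "how": transport is recorded but deliberately not weighted; TLS says nothing about intent
    return max(-10, min(10, score))


def policy_action(score: int, block_below: int = -6, allow_from: int = 3) -> str:
    """Map a score to an enforcement decision (thresholds are assumptions)."""
    if score <= block_below:
        return "block"
    if score >= allow_from:
        return "allow"
    return "scan"   # grey zone: let file reputation / sandboxing decide per object


NOW = datetime(2014, 12, 31, 12, 0)

# Constructed contexts, one per band of the score.
ESTABLISHED = WebContext("established.example", NOW - timedelta(days=5 * 365),
                         NOW - timedelta(days=3 * 365), False, False, False, "https", NOW)
FRESH = WebContext("fresh.example", NOW - timedelta(seconds=30), NOW - timedelta(seconds=30),
                   True, True, True, "https", NOW)
YOUNG = WebContext("young.example", NOW - timedelta(days=20), NOW - timedelta(days=20),
                   False, False, False, "http", NOW)


def decide(ctx: WebContext) -> tuple:
    """Return (score, action) for one request."""
    s = reputation_score(ctx)
    return s, policy_action(s)


if __name__ == "__main__":
    for c in (ESTABLISHED, FRESH, YOUNG):
        print(c.domain, decide(c))
```

Note that FRESH is served over HTTPS and is still blocked: the score comes from registration age, hosting and ownership context, not from the transport.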

Page 44

Loss of Productivity Is a Threat: How Much Bandwidth and Time Is Being Wasted?

Facebook time: 2,110,516 minutes, or 35,175 hours, 1,465 days, 4.1 years

Number of Facebook likes: 3,925,407 at 1 second per like. That’s almost 1,100 hours per day, or 45 days just liking things

Bytes on YouTube video playback: 11,344,463,363,245, or 10 TB

Pandora: 713,884,303,727, or 0.6 TB

Total browsing time per day: 2,270,690,423, or 4,320 years

Total bytes per day: 70,702,617,989,737, or 64 TB; over 15% from YouTube

Source: Cloud Web Security Report

Page 45

Time and Volume Quotas: Intelligent Controls of Bandwidth Usage

► Control web usage to meet administrative policies, such as:

- Total bandwidth used during work hours

- Total bandwidth per day used for social media categories

► Configure policies to restrict access based on the amount of data (in bytes) and time

► Quotas are applicable to HTTP, HTTPS, and FTP traffic

► Configured under access policies and decryption policies

► Create custom end-user notifications of warnings when a quota is close, as well as when exceeded

Page 46

Acceptable Use Controls Beyond URL Filtering

URL Filtering

► Constantly updated URL database covering over 50 million sites worldwide

► Real-time dynamic categorization for unknown URLs

Application Visibility and Control (AVC): Hundreds of Apps, 150,000+ Micro-Apps, Application Behavior

► Control over mobile, collaborative, and web 2.0 applications

► Assured policy control over which apps can be used by which users and devices

► Granular enforcement of behaviors within applications

► Visibility of activity across the network

Page 47

Next-Generation Firewall

Page 48

The Problem with Legacy Next-Generation Firewalls

Focus on the Apps… but miss the threat

Legacy NGFWs can reduce attack surface area, but advanced malware often evades security controls.

Page 49

Multiple Point Solutions

Traditionally your security options have been limited

Difficult integrations leave security gaps

Costly & time-consuming setup and support

Unified Threat Management

(UTM)

Stateful Firewall

VPN

Malware Analysis

Limited threat effectiveness

Page 50

Multiple Point Solutions

Unified Threat Management

(UTM)

Stateful Firewall

VPN

Malware Analysis

Only Cisco delivers a threat-focused NGFW

Superior Protection Threat-centric defense across the attack continuum

Simplified Management Extensive control through a simpler user experience

Exceptional Value Low TCO with enterprise-grade protection

Cisco ASA with FirePOWER Services Next-Generation Firewall

(NGFW)

URL Filtering

Advanced Malware Protection (AMP)

Application Visibility and Control (AVC)

Next-Gen Intrusion Prevention System (NGIPS)

Page 51

Reduce your threat exposure

Network Firewalling: Block unauthorized access and activity by controlling traffic flow

Application Visibility and Control (AVC): Tailor application behavior to reduce attack surface and risk of data loss

URL Filtering: Restrict access to specific sites and sub-sites, as well as categories of sites

VPN Capabilities: Protect both site-to-site connections and remote users with granular control

Next Generation Intrusion Prevention System (NGIPS): Detect and prevent threats from entering your network

Page 52

No other NGFW offers this level of visibility: The more infrastructure you see, the better protection you get

Visibility compared across Typical IPS, Typical NGFW, and Cisco ASA with FirePOWER Services for: Threats; Users; Web applications; Application protocols; File transfers; Malware; C & C Servers; Client applications; Operating systems; Mobile Devices; VOIP phones; Routers & switches; Printers; Network Servers

Page 53

Cisco ASA with FirePOWER Services

Base Hardware

• New ASA 5585-X Bundle SKUs with FirePOWER Services Module

• New ASA 5500-X SKUs running FirePOWER Services Software

• FirePOWER Services Spare Module/Blade for ASA 5585-X Series

• FirePOWER Services Software

• Hardware includes Application Visibility and Control (AVC)

Security Subscription Services

• IPS, URL, Advanced Malware Protection (AMP) Subscription Services

• One- and Three-Year Term Options

Management

• FireSIGHT Management Center (HW Appliance or Virtual)

• Cisco Security Manager (CSM) or ASDM

Support

• SmartNET

• Software Application Support plus Upgrades

Page 54

AnyConnect

Page 55

Cisco AnyConnect Secure Mobility Client: Extending Control of Context to the Endpoint

Simply and securely work anywhere on any device

§ Delivers reliable and transparent secure remote access for off-premises users

§ All major devices supported (PC, Mac, Android, iOS, more)

Helps ensure endpoint integrity

§ Multiple authentication options

§ Comprehensive posture checks

Provides automatic secure connectivity

§ End-to-end encryption

§ Integrated web security

§ Per-app VPN for mobile

Page 56

Differentiate Mobile Access: Connect Only Approved Applications over VPN

Provides a fast, convenient and flexible approach to turn on Advanced Malware Protection (AMP)

Reduce the potential for nonapproved applications to compromise enterprise data

Support a range of remote users and endpoints (employees, partners, contractors), streamlining IT operations

Selectively Tunnels Traffic Through VPN

Applications shown: Facebook, LinkedIn, Microsoft Office, SharePoint, SAP, Verint

Page 57

Streamline Endpoint Compliance: Posture Check and Secure VPN Access with Unified Agent and Cisco ISE 1.3

Supports device posture and authorization across multiple access methods

Simplifies management with only one agent to manage

Prevents noncompliant devices from accessing the network

Page 58

Simplified Connectivity: Always-on User Experience

Automatically negotiates a hotspot, with no user intervention required

Selects optimal gateway to deliver high-performance access

Enforces enterprise connection by authorizing the right user and device

[Figure label: Off Premises]

Page 59

Advanced Secure Endpoint Access: Protect More for Today’s Threat-Centric Environment

Checks posture and remediates to help ensure compliance

Filters for web threats (appliance or cloud) to enhance security

Encrypts data in motion, offering additional protection

[Figure label: Web Security]

Page 60

Network as Enforcer

Page 61

Cisco Confidential 61 © 2013-2014 Cisco and/or its affiliates. All rights reserved.

You Can’t Protect What You Can’t See: The Network Gives Deep and Broad Visibility

[Figure: binary-stream graphic]

Page 62

What Can the Network Do for You? Network as Sensor

Detect Anomalous Traffic Flows and Malware, e.g. Communication with Malicious Hosts, Internal Malware Propagation, Data Exfiltration

Detect App Usage and User Access Policy Violations, e.g. Maintenance Contractor Accessing Financial Data

Detect Rogue Devices, APs and More, e.g. Maintenance Contractor Connecting an Unauthorized AP in a Bank Branch to Breach It

Page 63

NetFlow – The Heart of Network as a Sensor: Path to Self-Learning Networks

Network Flows are Attack Signatures

A Powerful Information Source for Every Network Conversation

Each and Every Network Conversation over an Extended Period of Time

Source and Destination IP Address, IP Ports, Time, Data Transferred, and More

Stored for Future Analysis

A Critical Tool to Identify a Security Breach

Identify Anomalous Activity

Reconstruct the Sequence of Events

Forensic Evidence and Regulatory Compliance

NetFlow for Full Details, NetFlow-Lite for 1/n Samples

Page 64

NetFlow – The Heart of Network as a Sensor: Example NetFlow Alerts With Lancope StealthWatch

Denial of Service: SYN Half Open; ICMP/UDP/Port Flood

Worm Propagation: Worm-Infected Host Scans and Connects to the Same Port Across Multiple Subnets; Other Hosts Imitate the Same Behavior

Fragmentation Attack: Host Sending an Abnormal Number of Malformed Fragments

Botnet Detection: Inside Host Talks to an Outside C&C Server for an Extended Period of Time

Host Reputation Change: Inside Host Potentially Compromised, or Received Abnormal Scans or Other Malicious Attacks

Network Scanning: TCP, UDP, Port Scanning Across Multiple Hosts

Data Exfiltration: Large Outbound File Transfer vs. Baseline

Page 65

NetFlow – The Heart of Network as a Sensor: NetFlow in Action as an Attack Progresses

Breach Stage / Detection

1. Vulnerability Exploration: Attacker Scans IP Addresses and Ports to Explore Vulnerabilities (OS, User, App.)
§ NetFlow Can Detect Scans Across IP Address Ranges
§ NetFlow Can Detect Scans Down IP Ports on Every IP Address

2. Install Malware on 1st Host: Attacker Installs Software to Gain Access
§ NetFlow Can Detect Inbound Admin Traffic From an Unexpected Location

3. Connection to “Command and Control”: Malware Creates an Outbound Connection With the C&C System for Further Instructions
§ NetFlow Can Detect Outbound Connections to Known C&C IP Addresses

4. Spreading Malware to Other Hosts: Attack Other Systems on the Intranet Through Vulnerability Exploitation
§ NetFlow Can Detect Scans Across IP Address Ranges by Internal Hosts
§ NetFlow Can Detect Scans Down IP Ports on Every IP Address by Internal Hosts

5. Data Exfiltration: Export Data to a 3rd-Party Server
§ NetFlow Can Detect Extended Flows (HTTP, FTP, GETMAIL, MAPIGET and More) and Data Transfer to New External Hosts
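The alert types on the previous slide and the per-stage detections above all reduce to aggregations over the same NetFlow fields (source and destination IP, destination port, time, bytes). The following is an added example, written for this page and not Cisco or Lancope StealthWatch code, that runs four of those detections over constructed flow records: an address sweep and a port scan (stages 1 and 4), an inside host beaconing to a known C&C address over an extended period (stage 3, the botnet alert), and outbound volume far above a host's baseline (stage 5, the exfiltration alert). The internal range, thresholds, baselines and the "known C&C" address are assumptions; the C&C address is a TEST-NET placeholder, not a real indicator.

```python
"""NetFlow-style detections over constructed flow records.

Added example for this page; not Cisco or Lancope StealthWatch code.
Each record carries the fields the slides name (source/destination IP,
destination port, time, bytes transferred). Thresholds, the internal
address range and the 'known C&C' address are assumptions; the C&C
address is a TEST-NET placeholder, not a real indicator.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from typing import NamedTuple

INTERNAL = ip_network("10.0.0.0/8")          # assumed internal range
KNOWN_CC = {"203.0.113.7"}                   # placeholder C&C address


class Flow(NamedTuple):
    ts: int      # seconds since start of the collection window
    src: str
    dst: str
    dport: int
    nbytes: int


def is_internal(ip: str) -> bool:
    return ip_address(ip) in INTERNAL


def detect_address_sweep(flows, min_hosts=20):
    """Stages 1 and 4: one source touching many destination IPs on one port."""
    targets = defaultdict(set)
    for f in flows:
        targets[(f.src, f.dport)].add(f.dst)
    return sorted({src for (src, _), dsts in targets.items() if len(dsts) >= min_hosts})


def detect_port_scan(flows, min_ports=20):
    """Stages 1 and 4: one source walking many ports on one destination IP."""
    ports = defaultdict(set)
    for f in flows:
        ports[(f.src, f.dst)].add(f.dport)
    return sorted({src for (src, _), ps in ports.items() if len(ps) >= min_ports})


def detect_cc_beacon(flows, min_flows=5, min_span=3600):
    """Stage 3 / botnet alert: an inside host talks to a known C&C address
    repeatedly over an extended period (here: at least one hour)."""
    contacts = defaultdict(list)
    for f in flows:
        if is_internal(f.src) and f.dst in KNOWN_CC:
            contacts[(f.src, f.dst)].append(f.ts)
    return sorted(pair for pair, ts in contacts.items()
                  if len(ts) >= min_flows and max(ts) - min(ts) >= min_span)


def detect_exfiltration(flows, baseline, factor=5.0, default_baseline=1_000_000):
    """Stage 5 / exfiltration alert: outbound bytes from an inside host to
    external hosts exceed that host's baseline by a large factor."""
    outbound = defaultdict(int)
    for f in flows:
        if is_internal(f.src) and not is_internal(f.dst):
            outbound[f.src] += f.nbytes
    return sorted(src for src, b in outbound.items()
                  if b > factor * baseline.get(src, default_baseline))


def run_all(flows, baseline):
    return {
        "address_sweep": detect_address_sweep(flows),
        "port_scan": detect_port_scan(flows),
        "cc_beacon": detect_cc_beacon(flows),
        "exfiltration": detect_exfiltration(flows, baseline),
    }


# Constructed sample: one scanning host, one beaconing and exfiltrating host,
# one host with ordinary traffic. Typical outbound bytes per host are assumed.
BASELINE = {"10.0.0.9": 5_000_000, "10.0.0.12": 5_000_000}


def sample_flows():
    flows = []
    for i in range(25):                      # sweep: port 445 on 25 hosts
        flows.append(Flow(i, "10.0.0.5", f"10.0.1.{i + 1}", 445, 60))
    for p in range(1, 31):                   # port scan: 30 ports on one host
        flows.append(Flow(100 + p, "10.0.0.5", "10.0.1.1", p, 60))
    for k in range(13):                      # beacon every 10 min for 2 hours
        flows.append(Flow(1000 + 600 * k, "10.0.0.9", "203.0.113.7", 443, 1200))
    flows.append(Flow(9000, "10.0.0.9", "198.51.100.20", 443, 500_000_000))  # exfil
    flows.append(Flow(50, "10.0.0.12", "198.51.100.30", 443, 20_000))        # normal
    return flows


if __name__ == "__main__":
    for name, hits in run_all(sample_flows(), BASELINE).items():
        print(f"{name}: {hits}")
```

On the sample, the scanning host trips both scan detections, the beaconing host trips the C&C check only once its contacts span the minimum period (five contacts within 40 minutes do not), and the same host trips the exfiltration check because its outbound total dwarfs its baseline while the host with ordinary traffic stays quiet. A real deployment reads the records from a collector and learns baselines per host rather than hard-coding them.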

Page 66

What Can the Network Do for You? Network as Enforcer

Segment the Network to Contain the Attack: TrustSec (Secure Group Tagging), VRF, ISE and More

Encrypt the Traffic to Protect the Data in Motion: MACsec for Wired, DTLS for Wireless, IPsec/SSL for WAN and More

Secure the Branch and Remote Users for Direct Internet Access: AnyConnect, IWAN, Cloud Web Security and More

Page 67

Identity Services

Page 68

Cisco Identity Services Engine (ISE)

[Figure: ISE context and access policy]
NETWORK / USER CONTEXT: Who, What, Where, When, How
ACCESS POLICY examples: Compromised Device, CXO-Level Secure Access, BYOD Employee User, Guest Visitor
INTEGRATED PARTNER ECOSYSTEM

✓ MINIMIZE NETWORK UNKNOWNS
✓ REDUCE YOUR ATTACK SURFACE
✓ ENFORCE THE RIGHT LEVEL OF ACCESS CONTROL
✓ CONTAIN MALICIOUS NETWORK THREATS

Page 69

Role-Based Secure Access with ISE

Resources shown: Confidential Patient Records; Internal Employee Intranet; Internet

✓ Acquires Important Context & Identity from the Network
✓ Implements Context-Aware Classification & Policy
✓ Provides Differentiated Access to the Network

Who: Guest | What: iPad | Where: Office
Who: Doctor | What: Laptop | Where: Office
Who: Doctor | What: iPad | Where: Office

Page 70

Supports 1M Registered Endpoints and 250K ACTIVE, Concurrent Endpoints

Streamlining BYOD and Enterprise Mobility: Reducing the Complexity of Managing BYOD and Device Onboarding

Integrated Native Certificate Authority for Devices

Customizable Branded Experiences

Easy User Onboarding with Self-Service Device Portals

Improved Device Recognition Desktop & Mobile Ready!

Comprehensive Device Security with Posture and EMM

Page 71

Dynamic Control with Rich Contextual Profiling: Simple Identity Simply Isn’t Helpful Enough Anymore

POOR context awareness → “Simple Identity” – Who are you? → IP Address 192.168.1.51
RESULT: Any user, any device, anywhere gets on the network

EXTENSIVE context awareness → “RICHER Identity”
Who? → Bob
Where? → Building 200, 1st Floor
What? → Tablet
When? → 11:00 AM EST on April 10th
RESULT: The right user, on the right device, from the right place is granted the RIGHT ACCESS
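The two ISE slides above (role-based access and rich contextual profiling) describe a decision that combines who, what, where and when with posture before choosing an access level. The block below is an added example written for this page, not Cisco ISE code or its policy format: an ordered, first-match, default-deny rule set that evaluates posture before any role rule, narrows patient-record access to managed devices on site during assumed working hours, and reproduces the three example rows on the role-based slide (the mapping of doctor-on-laptop to patient records and doctor-on-iPad to the intranet follows those rows but is an assumption). Rule names, tags, resource names and the hour windows are all hypothetical.

```python
"""Context-aware access decision in the style of the ISE slides.

Added example; not Cisco ISE code or its policy format. Rule names, the
security-group tags, the resource names and the hour windows are
assumptions made for illustration.
"""
from dataclasses import dataclass
from typing import Callable, FrozenSet, Tuple


@dataclass(frozen=True)
class Context:
    who: str          # authenticated identity or role
    what: str         # device type from profiling (informational here)
    where: str        # location (site, building, floor)
    hour: int         # local hour of the request, 0-23
    managed: bool     # corporate-managed device; False means BYOD
    compliant: bool   # posture check passed


@dataclass(frozen=True)
class Rule:
    name: str
    matches: Callable[[Context], bool]
    tag: str                      # hypothetical security group tag
    resources: FrozenSet[str]


# Ordered: first match wins. Posture is checked before any role rule, so a
# non-compliant device never reaches a permissive rule regardless of who.
RULES = [
    Rule("quarantine-noncompliant", lambda c: not c.compliant,
         "QUARANTINE", frozenset({"remediation"})),
    Rule("clinician-managed-onsite",          # assumed hours for record access
         lambda c: c.who == "doctor" and c.managed
                   and c.where == "office" and 6 <= c.hour < 22,
         "CLINICAL", frozenset({"patient-records", "intranet", "internet"})),
    Rule("employee-managed",                  # managed device, any time/place
         lambda c: c.who in {"doctor", "employee"} and c.managed,
         "EMPLOYEE", frozenset({"intranet", "internet"})),
    Rule("clinician-byod",                    # unmanaged device: no records
         lambda c: c.who == "doctor" and not c.managed,
         "EMPLOYEE", frozenset({"intranet", "internet"})),
    Rule("guest", lambda c: c.who == "guest" and 8 <= c.hour < 18,
         "GUEST", frozenset({"internet"})),
]


def authorize(ctx: Context) -> Tuple[str, FrozenSet[str]]:
    """Return (tag, permitted resources); anything unmatched is denied."""
    for rule in RULES:
        if rule.matches(ctx):
            return rule.tag, rule.resources
    return "DENY", frozenset()


def slide_examples():
    """The three rows from the role-based access slide, as constructed contexts."""
    return {
        "guest-ipad": Context("guest", "iPad", "office", 11, False, True),
        "doctor-laptop": Context("doctor", "laptop", "office", 11, True, True),
        "doctor-ipad": Context("doctor", "iPad", "office", 11, False, True),
    }


if __name__ == "__main__":
    for label, ctx in slide_examples().items():
        tag, res = authorize(ctx)
        print(f"{label:14s} -> {tag:10s} {sorted(res)}")
```

Usage: the same doctor on the same managed laptop gets CLINICAL access at 11:00 but falls through to EMPLOYEE at 02:00, and fails straight to QUARANTINE once posture fails, which is the "right user, right device, right place, right time" decision the slide contrasts with address-only identity.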

Page 72

Enterprise Mobility Management Integrations: Enforce True Device Compliance for All Mobile Devices

Sees ALL devices on the network
Requires devices to comply with EMM policy
Provides guest access to non-EMM devices

Sees unregistered devices on the network?
Forces EMM policy compliance?
Keeps noncompliant devices off the network?

SOLUTION: ISE + EMM Together
EMM secures the actual device
Cisco ISE secures network access

Page 73

Conclusion

Page 74

Defending Against These Advanced Threats Requires Greater Visibility and Control Across the Full Attack Continuum

Attack Continuum
Before: Discover, Enforce, Harden
During: Detect, Block, Defend
After: Scope, Contain, Remediate

Across: Network, Endpoint, Mobile, Virtual, Cloud, Email & Web
Point in Time | Continuous

Page 75

Only Cisco Security Can Deliver… Visibility and Control Across the Full Attack Continuum

Attack Continuum
Before: Discover, Enforce, Harden
During: Detect, Block, Defend
After: Scope, Contain, Remediate

Products placed along the continuum: FireSIGHT and pxGrid; ASA VPN; NGFW; Meraki; Advanced Malware Protection; Cognitive; NGIPS; ESA/WSA; CWS; Secure Access + Identity Services; ThreatGRID

Page 76

Thank You and Next Steps

Brian Avery, bravery@cisco.com

Contact Your Cisco Partner: https://tools.cisco.com/WWChannels/LOCATR/performBasicSearch.do

Learn more about Cisco Security: www.cisco.com/go/security/

Page 77

§ CCE sessions are held weekly on a variety of topics

§ CCE sessions can help you understand the capabilities and business benefits of Cisco technologies

§ Watch replays of past events and register for upcoming events!

Visit http://cs.co/cisco101 for details

Join us again for a future Cisco Customer Education Event

Page 78

Thank you.