CISCO OPENDNS CLOUD SERVICE FOR ADDITIONAL SECURITY IN ENTERPRISE NETWORKS

September 2016, Belgrade

Nikola Milovanović

Cisco CCNP, CCDP

[email protected]

CISCO OPENDNS CLOUD SERVICE FOR ADDITIONAL SECURITY IN · 2017-12-21 · CISCO OPENDNS CLOUD SERVICE FOR ADDITIONAL SECURITY IN ... Security in enterprise networks today 2. OpenDNS technology/solution


Agenda

1. Security in enterprise networks today

2. OpenDNS technology/solution

3. Cisco and OpenDNS

4. Demo

5. Conclusion

1. Enterprise networks and security today

Shortage of Security Talent

Many tools require more resources than you have available to make work

50% of PCs are Mobile, 70% of Offices go Direct

Most mobile & remote workers don’t keep VPN always on, most branch offices don’t backhaul traffic, and most new endpoint tools only detect

70-90% of Malware is Unique to Each Org

Signature-based tools, reactive threat intelligence, and isolated security enforcement cannot stay ahead of attacks

Potential security problems of a company

• Typical malware threats, especially ransomware

• External employee and consultant access

• Administrative access and delegation of privileges

• Loss of intellectual property

• Any compromise to client safety

How to protect the network in the following cases?

Sources: (1) Gartner, (2) Forrester, (3) Verizon, and (4) Ponemon

2. Why add security at the DNS level?

• Most command & control (C2) is initiated via DNS lookups with some non-Web callbacks

OpenDNS + Cisco solution

[Diagram labels: Internet; malware, botnets/C2, phishing; Lancope, WSA (+ESA), FirePOWER, AMP, Meraki, ASA; HQ, Branch, Mobile]

BENEFITS

Alerts Reduced 2x; Improves your SIEM

Block malware before it hits the enterprise

Contains malware if already inside

Internet access is faster, not slower

Provision globally in under 30 minutes

Umbrella: The fastest and most effective way to block threats

BENEFITS

Simple to point DNS w/o technical or pro services

No hardware to install

No software to maintain

Provision globally in under 30 minutes

Infinitely scalable enforcement platform

A new level of protection

OpenDNS intelligence – correlation of information

Key Points

Intelligence about domains and IPs across the Internet

Live graph of DNS requests and other contextual data

Correlated against statistical models

Discover & predict malicious domains & IPs

Enrich security data with global intelligence

3. Cisco Threat-Centric Model

BEFORE: Discover, Enforce, Harden

DURING: Detect, Block, Defend

AFTER: Scope, Contain, Remediate

ASA & AnyConnect

ISE & TrustSec

FirePOWER

WSA/ESA > CWS/CAS/CES

Lancope Stealthwatch

Advanced Malware Protection (AMP) & Threat Grid

Cognitive Threat Analytics (CTA)

OpenDNS Umbrella

OpenDNS Investigate

Talos

Always-on protection – Umbrella + AnyConnect

Direct-to-Net offices – Umbrella + ISR or Meraki

Network security through OpenDNS + TALOS


4. Demo: OpenDNS Umbrella + AnyConnect

Policies (Security Settings)

Identities

Overview / reports

Online system status

http://system.opendns.com/

Amsterdam, Berlin, Paris, Copenhagen, Frankfurt, Prague, Warsaw, Bucharest, London

5. Conclusion

• Protection from web-based ransomware

• Speed to deployment

• Enforcement at the perimeter greatly reduces circumvention

• Ability to protect all sites, large and small

• Simple management of policies

• No impact to regulatory requirements

• Standardization of DNS server configurations


• www.rrc-bt.com

• www.rrc-bt.mk

• www.rrc.rs

• www.rrc.com.ro

• www.rrc.hu

• www.rrc.cz

• www.rrc.pl

• www.rrc.com.ua

• www.rrc.az

• www.rrc.kz

• www.rrc.ru

• www.rrc.hr

Thank you!