The Business Value Model
Christi McClellan, Security CAM - Cisco Systems
Security = Top Business Issue
Gartner: Top Ten Business Trends In 2004 (chart of 2004, 2003 and 2002 rankings; selected changes in ranking compared with 2003; * = new question for 2004)
• Security breaches/business disruptions
• Operating costs/budgets
• Data protection and privacy
• Need for revenue growth *
• Use of information in products/services *
• Economic recovery *
• Single view of customer
• Faster innovation
• Greater transparency in reporting
• Enterprise risk management
Why Customers Lack Sufficient Security
• Inability to quantify benefits
• Lack of risk analysis
• Perceived cost
• Preconceived notions
• Quickly evolving networks and applications
Threats and Vulnerabilities
• Assets
• Vulnerabilities
• Threats
• Consequences
52% experienced attacks from outside; 48% experienced attacks from inside
Most expensive attacks come from inside (up to 10x more costly)
Source: CSI / FBI Security Study 2004
Introduction: Integrated Security Strategies
Why Business Disruptions Continue
• Viruses, Worms, Trojan Horses, Botnets penetrating defenses
– Viruses now #1 cause of financial loss (2004 CSI/FBI)
• Day-zero attacks are sophisticated and complex
• Point technologies easily bypassed, not designed to preserve network integrity or resiliency
• Non-compliant servers/desktops common, difficult to detect and contain
• Locating and isolating infected systems is time and resource intensive
Security Drivers Continue
GlobalInfrastructur
eImpact
RegionalNetworks
MultipleNetworks
IndividualNetworks
IndividualComputer
Target and Target and Scope of Scope of DamageDamage
1st Gen• Boot viruses
1st Gen• Boot viruses
WeeksWeeks 2nd Gen• Macro viruses• E-mail • DoS• Limited
hacking
2nd Gen• Macro viruses• E-mail • DoS• Limited
hacking
DaysDays3rd Gen• Network DoS• Blended threat
(worm + virus+ trojan)
• Turbo worms • Widespread
system hacking
3rd Gen• Network DoS• Blended threat
(worm + virus+ trojan)
• Turbo worms • Widespread
system hacking
MinutesMinutes
Next Gen• Infrastructure
hacking • Flash threats• Massive
worm driven DDoS
• Damaging payload viruses and worms
Next Gen• Infrastructure
hacking • Flash threats• Massive
worm driven DDoS
• Damaging payload viruses and worms
SecondsSeconds
1980s 1990s Today Future
Time from Time from knowledge of knowledge of
vulnerability to vulnerability to release of release of exploit is exploit is shrinkingshrinking
Threat Defense
• Products that protect the network and endpoints from both known and unknown threats.
• These products are crucial to layered security deployment in any network.
• Defensive strategy
– Is defense all you need to win?
Trust and Identity
• Mitigate the risk associated with unauthorized individuals or devices accessing the company’s network.
– Use analogies such as security badges providing varied levels of access for different individuals.
• Develop a more robust method to manage how and who can access certain information.
– Manage access by functional areas within an organization (e.g. Human Resources and Finance).
Secure Communications
• Converged and wireless networks create a great deal of interesting issues related to securing communication.
– A "must have" solution for companies with employees who work remotely or companies that engage in e-commerce or other business-to-business electronic communications.
Management
• Network and security management tools allow one to offensively detect, prioritize, and respond to perceived threats.
– Use analogies such as the airport control tower, where all is monitored, managed, and directed. Having the ability to direct and control the network activities is a critical element in a successful security program.
– Reinforce that without the tools to identify and prioritize potential issues, one will not be able to leverage the investment made in all of the robust defense equipment.
What are Customers Looking For?
The Self-Defending Network and Solution: Integrated Security Management
1990s, Basic Security
• Basic router security
• Command Line Interface (CLI)
2000, Point Products
• Security appliances
• Enhanced router security
• Separate management software
2002, Integrated Security
• Integrated security in routers, switches, appliances, endpoints
• FW + VPN + IDS . . .
• Integrated management software
• Evolving advanced services
2003, Defense In Depth
2004, SDNs
• End-to-End Protection
• Security aware elements
• Dynamic comm. between security elements
• Self-protecting
Integrated Security: Building Blocks for The SDN
The Cisco Story
Competition:
• Multiple technologies
• Multiple locations
• Multiple appliances
• Little / no integration
The New Computing Paradigm
IP Network services: E-Mail, Collaboration, Calendar, Video-on-Demand, Web Application, Audio-Conferencing, Instant Messaging, Voice Messaging, Contact Center, Telephone Services
SECURITY
“IT managers must use their existing corporate networks more effectively to create, maintain and maximize business relationships. That means opening the network to implement more flexible access models that make the right information available to the right people at the right time. On the other hand, that very openness requires a new approach to security.” Jamie Lewis, CEO, Burton
Evolution of Security Requirements
A Collaborative Systems Approach
PAST -> NEEDED NOW
• Standalone -> Integrated multiple layers
• Reactive -> Automated, proactive
• Product level -> System-level services
New Methods & New Architectures
Why Self Defending Networks?
• Organizations cannot react quickly enough to these new blended threats
• The security threat is only getting worse. Point products only address a small segment of the network
• Customers need an automated system to address these ongoing threats with the right security capabilities embedded everywhere in their network infrastructure and end points
Self-Defending Network Strategy
Cisco Strategy to Dramatically Improve the Network’s Ability to Identify, Prevent, and Adapt to Threats
INTEGRATED SECURITY – BUSINESS VALUE MODEL
• Trust and Identity
• Threat Defense
• Secure Connectivity
SECURITY TECHNOLOGY INNOVATION
• Endpoint Security
• Application Firewall
• SSL VPN
• Network Anomaly Detection
SYSTEM-LEVEL SOLUTIONS
• Endpoints + Networks + Policies
• Services
• Partnerships
SELF-DEFENDING NETWORK
Rethinking Security
1. What are you trying to do?
– What are your business objectives?
– What technologies or services are needed to support these objectives?
– Do they leverage your existing resources?
– Are they compatible with your current infrastructure and security solutions?
2. What risks are associated with this?
– Will you introduce new risks not covered by your current security solutions or policy?
3. How do you reduce that risk?
– How valuable are the assets at risk? What is your tolerance for risk?
Business objectives should drive security decisions
Rethinking Security
• Security is more than products… Security solutions must be chosen with business objectives in mind. They must also:
– Leverage existing infrastructure and intelligence
– Contribute to correlative analysis and response
– Provide automated, collaborative defense
– Be INTEGRATED parts of a security SYSTEM
• Security IS about RISK REDUCTION in a rapidly evolving environment
Maximum risk reduction is ALWAYS achieved with an integrated solution built on a flexible and intelligent infrastructure
Risk reduction requires integrated solutions and services
Self Defending Network Advantages
Use What You Have
Leverage existing network infrastructure by enabling security in existing infrastructure
Protect Your Infrastructure
Use the network to protect the network
Save Time and Money
Minimize the number of devices and management tools; maximize IT staff efficiency
Deploy Security Where You Need It Most
Apply security functionality anywhere in the network – protect all network entry points
Reduce Your Risk
Deploy integrated security to minimize exposure to risk
Security Acquisitions
1995, PIX
1998, IDS
2000, VPN (SP)
2000, VPN (Enterprise)
2001, VPN (Technology)
2002, CTR (Technology)
2003, HIPS
2004, SSL VPN Client
2004, DDOS Protection
2004, Security Mgmt.
2004, NAC addition
Announced December 2004 – Affordable Correlation, Mitigation
Cisco Security Product Overview, Cisco Systems
TRUST AND IDENTITY
The Self-Defending Network and Solution: Trust and Identity
© 2003, Cisco Systems, Inc. All rights reserved.
Cisco’s NAC Solution Overview
NAC Solution: Leverage the network to intelligently enforce access privileges based on endpoint security compliance
Components: host attempting network access (running Cisco Trust Agent), network access devices, policy server decision points (Cisco ACS Server), AV vendor server
1. Host sends credentials to access device using EAP (UDP or 802.1x)
2. Access device forwards credentials to policy server (ACS) using RADIUS
3. ACS server authenticates ID and passes AV info to AV vendor servers (HCAP)
4. AV vendor servers respond with Compliance/Non-Compliance message
5. Policy server responds to access device with access rights and VLAN assignment
6. Access device accepts rights, enforces policy, and (7) notifies client: Allow/Deny/Restrict/Quarantine
NAC partners (e.g. IBM): http://www.cisco.com/en/US/partners/pr46/nac/partners.html
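The admission decision behind the NAC steps above, as an added example that is not Cisco's code: a small Python model in which the ACS role authenticates the credentials, asks a stand-in AV vendor server for a Compliant/Non-Compliant verdict, and hands the access device one of Allow/Deny/Restrict/Quarantine together with a VLAN. The user store, the posture policy, the VLAN numbers and the rule that a host without a Trust Agent gets Restrict are assumptions made for the example.

```python
from dataclasses import dataclass
from hmac import compare_digest
from typing import Optional, Tuple

# Constructed sample data standing in for the ACS user store and the AV
# vendor's minimum posture policy (engine version, signature date).
USER_DB = {"alice": "s3cret", "bob": "hunter2"}
AV_MIN_POLICY = {"engine": (4, 1), "sigs": 20041215}

# Assumed VLAN numbers for each access decision (illustrative only).
VLAN_FOR = {"Allow": 10, "Restrict": 20, "Quarantine": 99, "Deny": None}

@dataclass
class Posture:
    """AV state reported by the Cisco Trust Agent (simplified for the example)."""
    av_engine: Tuple[int, int]
    av_sigs: int

@dataclass
class AccessRequest:
    """Step 1: credentials (and posture, if an agent is present) sent over EAP."""
    user: str
    password: str
    posture: Optional[Posture] = None  # None = no Trust Agent on the host

def av_vendor_check(posture: Posture) -> str:
    """Step 4: AV vendor server answers Compliant / Non-Compliant (via HCAP)."""
    ok = (posture.av_engine >= AV_MIN_POLICY["engine"]
          and posture.av_sigs >= AV_MIN_POLICY["sigs"])
    return "Compliant" if ok else "Non-Compliant"

def acs_decide(req: AccessRequest) -> Tuple[str, Optional[int]]:
    """Steps 2-5: ACS authenticates, consults the AV server, returns rights + VLAN."""
    expected = USER_DB.get(req.user, "")
    if not expected or not compare_digest(expected, req.password):
        return "Deny", VLAN_FOR["Deny"]          # bad identity: no VLAN at all
    if req.posture is None:
        return "Restrict", VLAN_FOR["Restrict"]  # agentless host: limited access
    if av_vendor_check(req.posture) == "Compliant":
        return "Allow", VLAN_FOR["Allow"]
    return "Quarantine", VLAN_FOR["Quarantine"]  # remediation VLAN

def access_device_enforce(req: AccessRequest) -> str:
    """Steps 6-7: the switch/router applies the decision and notifies the client."""
    rights, vlan = acs_decide(req)
    if vlan is None:
        return f"{req.user}: {rights} (port stays blocked)"
    return f"{req.user}: {rights} (assigned VLAN {vlan})"

if __name__ == "__main__":
    print(access_device_enforce(AccessRequest("alice", "s3cret", Posture((4, 1), 20050101))))
    print(access_device_enforce(AccessRequest("bob", "hunter2", Posture((3, 9), 20050101))))
    print(access_device_enforce(AccessRequest("bob", "hunter2")))
    print(access_device_enforce(AccessRequest("eve", "guess")))
```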
Cisco Clean Access Solution (Perfigo)
• Cisco Clean Access Manager (Perfigo SmartManager): centralizes management for administrators, support personnel, and operators
• Cisco Clean Access Server (Perfigo SmartServer): serves as an in-line device for network access control
• Cisco Clean Access Agent (Perfigo SmartEnforcer): optional client for device-based scanning and remediation in managed and unmanaged environments
Recognizes: users, device, and role (guest, employee, contractor)
Evaluates: identify security posture and vulnerabilities
Enforces: enforce security policies and eliminate vulnerabilities
• Cisco has licensed the Perfigo CleanMachines solution, and will sell under the name “Cisco Clean Access”
• Products orderable as of October 29, 2004
Cisco Acquisition of Perfigo – CleanMachines: Admission control for Small-Medium Business
THE GOAL: Intranet/Network
Components: Perfigo SmartServer, Perfigo SmartManager, Authentication Server, Perfigo SmartEnforcer (optional), Quarantine Role
1. End user attempts to access a web page or uses an optional client. Network access is blocked until end user provides login information.
2. User is redirected to a login page. CleanMachines validates username and password. Also performs device and network scans to assess vulnerabilities on the device.
3a. Device is non compliant or login is incorrect: user is denied access and assigned to a quarantine role with access to online remediation resources.
3b. Device is “clean.” Machine gets on “clean list” and is granted access to network.
© 2004 Cisco Systems, Inc. All rights reserved.
THREAT DEFENSE SYSTEMS
The Self-Defending Network and Solution: Threat Defense
Threat Defense System Technologies
• Firewall: PIX Security Appliance, IOS FW, Catalyst FWSM
• Network IDS / IPS: IDS Appliances, Catalyst IDS Module, Router IDS Module, IOS-IDS, Cisco Guard XT 5650, Anomaly Detector 5600
• Endpoint Security: Cisco Security Agent
• Network Services: IOS Security Services, Private VLANs, ACLs, QoS
• IOS Infrastructure Security: AutoSecure, Secure ACL, Control Plane Rate Limiting, CPU/Memory Thresholding
• Intelligent Investigation: Cisco Threat Response (CTR)
• Content Security: Content Engines, Router Network Modules
• Security Management: Device Managers, CiscoWorks VMS, CiscoWorks SIMS
New IPS Capabilities
The Self-Defending Network and Solution: Threat Defense
SECURE CONNECTIVITY
The Self-Defending Network and Solution: Secure Connectivity
SSL VPN and IPSec Connectivity Profiles
The Self-Defending Network and Solution: Secure Connectivity
SSL VPN:
• Uses a standard web browser to access the corporate network
• SSL encryption native to browser provides transport security
• Applications accessed through browser portal
• Limited client/server applications accessed using applets
IPSEC VPN:
• Uses purpose-built client software for network access
• Client provides encryption and desktop security
• Client establishes seamless connection to network
• All applications are accessible through their native interfaces
INTEGRATED SECURITY MANAGEMENT
The Self-Defending Network and Solution: Integrated Security Management
Cisco Security Management Portfolio
Security Management, Policy Administration, Monitoring and Analysis
• Embedded / Single Device Managers (IPS, Firewall, VPN): Cisco SDM, Cisco IDM, Cisco PDM, Cisco VPN3KDM, Cisco IEV
• Multi-Device and Services Managers: CiscoWorks VPN/Security Management Solution, CiscoWorks Security Information Mgmt. Solution
• Cisco Secure Access Control Server: user AAA control framework for managing administrative access to the network
Protego MARS Overview and Product Line
• Founded August 2002
• Based in Sunnyvale, CA
• 40+ customers
• 38 employees
Protego is a pioneer and leading provider of enterprise security monitoring and threat mitigation utilizing a custom appliance, empowering companies to readily identify, manage and eliminate network attacks, as well as maintain compliance.
Model (events/second, RAID storage):
• MARS 20: 500 events/s, 120GB
• MARS 50: 1,000 events/s, 120GB
• MARS 100e: 3,000 events/s, 750GB
• MARS 100: 5,000 events/s, 750GB
• MARS 200: 10,000 events/s, 1TB
• MARS GC: na, 1TB
Self-Defending Network Strategy
Cisco Strategy to Dramatically Improve the Network’s Ability to Identify, Prevent, and Adapt to Threats
INTEGRATED SECURITY
• Trust and Identity
• Threat Defense
• Secure Connectivity
SECURITY TECHNOLOGY INNOVATION
• Endpoint Security
• SSL VPN
• Network Anomaly Detection
• Application Firewall
SYSTEM-LEVEL SOLUTIONS
• Endpoints + Networks + Policies
• Services
• Partnerships
SELF-DEFENDING NETWORK
Cisco Security Agent
• Next-generation security solution provides threat protection for servers and desktops
• Identifies and prevents malicious behavior before it occurs
• Unique behavior analysis addresses known and unknown threats
• Protects against: port scans, buffer overflows, Trojan horses, malformed packets, malicious HTML requests, e-mail worms, “Day-zero” attacks, and more…
Cisco Security Agent: Behavioral Protection for Endpoints
Attack phases against a target:
1. Probe: • Ping addresses • Scan ports • Guess passwords • Guess mail users
2. Penetrate: • Mail attachments • Buffer overflows • ActiveX controls • Network installs • Compressed messages • Backdoors
3. Persist: • Create new files • Modify existing files • Weaken registry security settings • Install new services • Register trap doors
4. Propagate: • Mail copy of attack • Web connection • IRC • FTP • Infect file shares
5. Paralyze: • Delete files • Modify files • Drill security hole • Crash computer • Denial of service • Steal secrets
Phases 1-2: rapidly mutating; continual signature updates; inaccurate
Phases 3-5: most damaging; change very slowly; inspiration for Cisco® Security Agent solution
Why Cisco for Security?
Cisco is uniquely positioned to execute, design and deliver the Self Defending Network
• Largest suite of offerings with security capabilities embedded in all of our networking products
• Unique endpoint protection for desktops and critical servers with CSA and intelligent management of the endpoints with NAC
• Cisco’s long term strategy is to deliver automated prevention and remediation mechanisms throughout the network
Security Now a Baseline Architecture for All Cisco Technologies
Storage Networking, IP Telephony, Wireless LAN, Networked Home, Routing, Switching
“The frustrating reality of the security guy is that when everything runs perfectly… nobody notices… which is exactly what should happen.”
Robb Boyd, CISSP, Cisco Systems