Cisco Content Security: Web and Email Solutions with Advanced Malware Protection
Daniel Thorne, Consulting Systems Engineer
Sept 30, 2014
Cisco Confidential 3 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Web and Email Use Is Changing, Making It More Difficult to Protect Your Network
Users now connect from many places: mobile devices, coffee shops, the corporate office, home and airports.
Our Web Security Problems Aren’t Getting Any Easier: An Evolving Threat Landscape
Email and Web are the #1 threat vector. The landscape includes:
• Spam
• IPv6
• Blended threats
• Targeted attacks
• APTs
• Advanced malware
• Rootkits and worms
• Trojan horses
Content Security Challenges
Malware Infections
• Blocking hidden malware
• Disarming malicious links
• Managing advanced threats
Acceptable Use Violations
• Application visibility
• Granular usage control
• Consistent policy enforcement
Data Loss
• Safeguarding vital data
• Detecting data breaches
• Preventing data leakage
Visibility
• Across users and sites
• Proactive reporting (retrospective)
• Centralized data collection
Cisco Content Security with AMP: Defense Across the Attack Continuum
BEFORE (Discover, Enforce, Harden): Reputation; Usage/App Controls; Filtering
DURING (Detect, Block, Defend): Malware Signature; File Reputation; File Sandboxing
AFTER (Scope, Contain, Remediate): File Retrospection; Threat Analytics; Actionable Reporting
Cisco Content Security with AMP: Built on Unmatched Collective Security Intelligence
• 1.6 million global sensors
• 100 TB of data received per day
• 150 million+ deployed endpoints
• 600+ engineers, technicians and researchers
• 35% of worldwide email traffic
• 13 billion web requests
• 24x7x365 operations
• 40+ languages
Intelligence sources:
• 180,000+ file samples per day
• FireAMP™ Community
• Advanced Microsoft and industry disclosures
• Snort and ClamAV open source communities
• Honeypots
• Sourcefire AEGIS™ Program
• Private and public threat feeds
• Dynamic analysis
Cisco® SIO and the Sourcefire VRT® (Vulnerability Research Team) combine these feeds into Cisco Collective Security Intelligence, which is delivered to content security (Email, Web), Endpoints, Networks, IPS and Devices.
Cisco AMP delivers integrated:
• Additional point-in-time protection: file reputation and sandboxing
• Retrospective security: continuous analysis
AMP Strengthens the First Line of Detection: Reputation Filtering and File Sandboxing
Detection techniques applied at the point of entry:
• One-to-one signature
• Fuzzy fingerprinting
• Machine learning
• Advanced analytics
• Dynamic analysis
AMP’s Continuous Retrospective Security
Breadth and control points: Web, Email, Endpoints, Network, IPS and Devices.
Telemetry stream (continuous feed) collected from those control points:
• File fingerprint and metadata
• File and network I/O
• Process information
Continuous analysis runs over this feed, so a file’s disposition can be revisited after it was first seen.
Cisco Web Security At-a-glance
Cisco Security Intelligence Operations (SIO): monitors threats worldwide, filters on reputation and automatically updates every 3-5 min.
PROTECTION
Threat Monitoring & Analytics
• Spots symptoms of infection based on behavioral anomalies (CWS only) and command-and-control (CNC) traffic
Advanced Malware Protection
• Blocks unknown files via reputation and sandboxing
• Continues to monitor threat levels after an attack
CONTROL
URL Filtering
• Contains 50M known sites
• Categorizes unknown URLs in real time
Application Visibility and Control (AVC)
• Controls mobile, collaborative and web 2.0 applications
• Enforces behaviors within web 2.0 applications
Data Loss Prevention (DLP)
• Blocks sensitive information
• Integrates easily by ICAP with 3rd party vendors
Policy outcomes: Allow, Limited Access, Block.
Centralized Management & Reporting: offers actionable insight across threats, data and applications.
Acceptable Use Controls Beyond URL Filtering
URL Filtering
• Constantly updated URL database covering over 50 million sites worldwide
• Real-time dynamic categorization for unknown URLs
Application Visibility and Control (AVC): hundreds of apps, 150,000+ micro-apps, and application behavior
• Control over mobile, collaborative and web 2.0 applications
• Assured policy control over which apps can be used by which users and devices
• Granular enforcement of behaviors within applications
• Visibility of activity across the network
Cisco Email Security At-a-glance
Cisco Security Intelligence Operations (SIO): monitors threats worldwide, filters on reputation and automatically updates every 3-5 min.
PROTECTION
Defense in Depth
• SenderBase Reputation
• Anti-Spam and Anti-Spoofing
• Anti-Virus with Outbreak Filters
• Dynamic update engines
Targeted Threat Mitigation
• Prevents phishing and blended threats
• URL Filtering for advanced policies
Advanced Malware Protection
• Blocks unknown files via reputation and sandboxing
• Continues to monitor threat levels after an attack
CONTROL
Policy Control
• Enhanced control over inbound and outbound traffic
• Enforces behaviors within web 2.0 applications
DLP and Encryption
• Integration with RSA DLP policy engine and lexicons
• Encrypts sensitive information
Policy outcomes: Deliver, Quarantine, Drop, Re-write URLs.
Centralized Management & Reporting: offers actionable insight across threats, data and applications.
Phishing Attack and URL Defense Controls: Integrated Email and Web Security
1. An email contains a URL.
2. The URL is categorized by Cisco SIO.
3. Policy selects an action for the URL: Rewrite, Defang (for example BLOCKEDwww.playboy.comBLOCKED or BLOCKEDwww.proxy.orgBLOCKED), Replace, or Send to Cloud (Cisco Security).
When a rewritten link such as http://www.threatlink.com is clicked and resolves to a blocked category, the user sees the block page:
“The requested web page has been blocked. Cisco Email and Web Security protects your organization’s network from malicious software. Malware is designed to look like a legitimate email or website which accesses your computer, hides itself in your system, and damages files.”
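The rewrite/defang/replace flow above, as an added illustration that is not Cisco’s code or API: the category table, the click-time scanner host and the policy mapping are constructed placeholders, and the defang format follows the BLOCKED…BLOCKED form shown on the slide.

```python
import re
from urllib.parse import urlparse, quote

# Constructed category table standing in for a live categorization lookup
# (the slide names Cisco SIO; this dict is an illustration, not its API).
CATEGORIES = {
    "www.playboy.com": "adult",
    "www.proxy.org": "proxy-avoidance",
    "www.threatlink.com": "malware",
    "www.example.com": "business",
}

# Constructed policy: which of the slide's actions applies to each category.
POLICY = {
    "adult": "defang",
    "proxy-avoidance": "defang",
    "malware": "replace",
    "unknown": "rewrite",   # uncategorized: send to cloud for time-of-click scanning
}

# Assumed click-time scanning front end (placeholder host, not a Cisco URL).
CLOUD_SCANNER = "https://url-scanner.example.invalid/redirect?u="

URL_RE = re.compile(r"https?://[^\s<>\"']+")

def categorize(url):
    """Look up the host's category; hosts not in the table are 'unknown'."""
    host = urlparse(url).hostname or ""
    return CATEGORIES.get(host.lower(), "unknown")

def apply_action(url, action):
    """Transform one URL according to the chosen action."""
    if action == "defang":
        # Slide format: scheme dropped and wrapped in BLOCKED markers, so the
        # link is no longer clickable but stays visible to the recipient.
        return "BLOCKED" + url.split("://", 1)[1] + "BLOCKED"
    if action == "replace":
        return "[URL removed by email security policy]"
    if action == "rewrite":
        # Route the click through the scanner so the verdict is made at click time.
        return CLOUD_SCANNER + quote(url, safe="")
    return url  # "allow": leave the URL untouched

def protect_body(body):
    """Rewrite every URL in an email body per POLICY.
    Returns the new body plus (url, category, action) decisions for logging."""
    decisions = []
    def sub(match):
        url = match.group(0)
        category = categorize(url)
        action = POLICY.get(category, "allow")
        decisions.append((url, category, action))
        return apply_action(url, action)
    return URL_RE.sub(sub, body), decisions
```

Feed `protect_body` a message body and keep the returned decisions as the audit record of which links were rewritten and why.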
DLP and Compliance: Built-in Comprehensive DLP Solution with RSA
Accurate, easy and extensible:
• Fast setup
• Low administrative overhead
• Comprehensive policy creation and modification
• Exceptional accuracy
• Direct integration for enterprise-wide DLP deployments
• Secure delivery with on-box encryption
Data Loss Prevention covers incidents and policies, spanning both data security and threat protection.
Centralized Management and Reporting: Analyze, Troubleshoot and Refine Security Policies
Centralized Reporting: in-depth threat visibility; extensive forensic capabilities.
Centralized Management: centralized policy management; delegated administration.
• Insight: across threats, data and applications
• Control: consistent policy across offices and for remote users
• Visibility: continuous visibility across different devices, services and network layers
Flexible Licensing and Deployment Options: On-Premises or in the Cloud
Deployment options: on-premises (appliance or virtual appliance) or cloud.
Connection methods: on-premises via WCCP, PAC file or explicit proxy; cloud via redirectors (firewall, router, roaming client, NGFW or appliance) as well as WCCP, PAC file or explicit proxy.
Advanced Malware Protection: integrated on box and licensed for on-premises deployments; integrated as a licensed plug-in for the cloud.
Thank you.