© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
Prakash Kumar
Director,
Cisco Consulting Services
IPv6 DoT Workshop
Cisco Confidential – Redistribution Prohibited
Cyber Security: Landscape & Trends
Evolving Security Framework
Recommended Plan of Action
“Cyber Security is the analysis, warning, information sharing, vulnerability reduction, risk management and recovery efforts to detect, protect against and mitigate the impact of threats that leverage the Cyber domain”
Based on World Economic Forum 2012
Policy/regulatory environment & lack of coordination amongst agencies
Evolving threat landscape increasingly difficult to detect and mitigate
Technology transitions leading to greater security challenges
Changing IT landscape
Network perimeter v/s
Human perimeter
Mobility/ BYOD/ Cloud
Virus/ Worms to Directed attacks
Botnets
Internally propagating malware
2007: 624,000
2010: 2,600,000
2013: 5,700,000 (projected)
MOBILITY
THE NETWORK
COLLABORATION
CLOUD
EXPANDED ATTACK SURFACE
COMPLIANCE OBLIGATIONS
REDUCED VISIBILITY AND CONTROL
Espionage Disruption Manipulation
Script Kiddies
Hacktivist Groups
Organized Crime
Nation States
Source: www.darkreading.com
Attacker steals Username/ password of a trusted partner
Registers nine SSL certificates for high-value domains including Google, Skype, Yahoo
Attacker uses phishing attack, infects employee with a trojan using Excel spreadsheet
Database of 40m SecurID seeds, which are used in 2-factor authentication, breached.
Attacker breaks into Sony network in retaliation to a lawsuit
Playstation network down for more than a month
Attacker hacks servers run by a partner.
Steal WordPress source code, part of which is proprietary
Attacker uses bad website design, changes credit-card nos in URL
Steal information of 2m + customers
Attackers/ researchers send friend requests
Get access to 250GB data from more than 3000 profiles.
Credit card data was stored in plain text, got hit three times in two years.
More than 600,000 credit card numbers, $10.5 b in fraudulent transactions.
More than 400,000 plaintext passwords.
Union-based SQL injection to collect the data.
More than a million Unique Device Identifiers snagged from an FBI computer.
Leveraged a Java vulnerability.
Network penetration, theft of approx 1.5 million credit cards, including Track 2 data, which can be used to clone credit cards.
Approximately 1.6 million government and contractor accounts involving aerospace, the defense industry, financial services and law enforcement.
Approximately 6.5 million passwords stolen, which were comprised of unsalted SHA-1 hashes.
Attack on a network used by Nationwide Insurance Company breached personal information of an estimated 1.1 million customers and applicants, including names, Social Security numbers, driver's license numbers, date of birth and possibly marital status, gender, occupation and employment information.
Approximately 3.8 million tax records and nearly 400,000 credit card numbers stolen.
Spearphishing exploit, improper password policies, failure to encrypt social security numbers.
Personal details of 24 million people were hacked and stolen.
268 individual data breaches over a period of roughly three years.
Governments reportedly exposed more than 94 million records containing personally identifiable information.
• Loss of brand image (Website defacing)
112 Indian govt websites hacked (Dec 2011 – Feb 2012)1
Websites of Supreme Court hacked (May 2012) 3
Website of Congress defaced (Dec 2011) 3
• Financial losses
Reported losses in Internet frauds in India in 2011 (Rs 787 lakh) 1
E-commerce sites, Cyber-bullying
• Loss of communication medium
DDoS attacks on government sites hosted by NIC (May 2012) 2
• Loss of privacy
US Defence data on Internet hijacked by China Telecom (2010) 2
10-25% of internet traffic originated from India or destined for India gets diverted through unknown autonomous systems 2
• Data Losses
174m data records stolen in 855 incidents investigated by Verizon 4
100m records of Sony compromised (Apr 2011) 3
Credit card data at Citigroup breached (Jun 2011) 3
Source: 1 Statement in Indian Parliament; 2 CERT-IN; 3 News reports; 4 Verizon 2012 Data breach investigation report
1. Find users from public sites like Facebook / LinkedIn
2. Attacker sends targeted email with malicious attachment ("You Got Mail!!!")
3. Naïve user opens the exploit that installs backdoor
4. Attacker targets other servers / devices to escalate privileges
5. Data acquired from targeted servers
6. Data transferred externally
• Social networking
• Untrusted Links
• Internet Access
• Data privileges
Timespan of events by percent of breaches
(columns: Seconds, Minutes, Hours, Days, Weeks, Months, Years)
Initial Attack to Initial Compromise: 10%, 75%, 12%, 2%, 0%, 1%, 1%
Initial Compromise to Data Exfiltration: 8%, 38%, 14%, 25%, 8%, 8%, 0%
Initial Compromise to Discovery: 0%, 0%, 2%, 13%, 29%, 54%, 2%
Discovery to Containment/Restoration: 0%, 1%, 9%, 32%, 38%, 17%, 4%
Data is stolen in hours in 60% of breaches
85% of breaches are not discovered for weeks
Cyber Security: Landscape & Trends
Evolving Security Framework
Recommended Plan of Action
INTERNAL
EXTERNAL Social Networking
Network reconnaissance
Malware
Cross site scripting
Data leakage
Attacks Security Policy
Identity management
Admission Control, Encryption,
Anomaly Detection
Endpoint security, Antivirus
Vulnerability exploit,
Mail filtering,
Visibility & Control
Security People
Network
Host
Application
Data
Anomaly Detection & Mitigation
Encryption Software
App Vulnerability Assessment
Access Control & Video Surveillance
Vulnerability Scan
Risk Management
Facility Management
Virus Scanning - Host & Server
Endpoint Security
Web Security
Security Monitoring
Security Monitoring
App Security & Identity Management
Event Logging
Malware Protection
Network Security
Secure Access Control Secure Mobility
Security Management
Anomaly Detection and Mitigation
Email Security Endpoint Security
Firewalls
Identity Management Integrated Router/Switch Security
Intrusion Detection & Prevention Systems (IDS/IPS)
Multi-Function Security
Network Admission Control (NAC)
Cisco Policy Management
Security Management
Virtual Private Networks (VPN)
Web Security
Security Metrics
Architectural Approach
Sees All Traffic
Routes All Requests Sources All Data
Controls All Flows
Handles All Devices
Touches All Users
Shapes All Streams
Offers Comprehensive Visibility and Scalable Control
Global and Local Threat Intelligence
Common Policy and Management
Information
Enforcement
Behavioral Analysis
Encryption Identity Awareness
Device Visibility Policy Enforcement
Access Control
Threat Defense
Sees All Traffic
Routes All Requests Sources All Data
Controls All Flows
Handles All Devices
Touches All Users Shapes All Streams
Network Enforced Policy
Cyber Security: Landscape & Trends
Evolving Security Framework
Recommended Plan of Action
Plan
• Define the Security policy
• Identify assets, vulnerabilities & threats, intelligence sharing
• Create the Security Architecture
Build
• Create Risk management strategies, acceptable use policies
• Secure and monitor assets, Plan incident responses
• Conducting Security Posture Assessments
Manage
• Continuous Monitoring and review of security policies
• Updating intelligence about changing threats & vulnerabilities
• Optimization of network/ security policies
• Deploy end-to-end technology solutions to meet your business needs
Product/Technology Solutions
Optimization
• Maximize value of security investment
• Gain visibility into security architecture and posture
Audits & Assessments Plan, Design, & Implement
• Protect your business with new security technology
Business Transformation
• Secure and enable new business opportunities
Operate
• Address day-to-day operations and ever changing security threats
Delivered by Cisco and Our Partners
Product/Technology Solutions
Optimization
Audits & Assessments Plan, Design, & Implement
Business Transformation
Operate
Delivered by Cisco and Our Partners
• Security Architecture Assessment
• Security Posture Assessment
• Network Device Security Assessment
• Security Optimization
• Network Optimization
• TrustSec
- ISE
- 802.1x
• ASA Migration
• Email and Web Content Security
• Security Plan, Design & Implement
• Secure Data Center Plan and Design
• Secure Unified Communications Plan & Design
• IT GRC
• Teleworker
• Cloud Security
• SMARTnet
• Remote Management Services
• Services for IPS
• Cisco IntelliShield Alert Manager Service
• Entire network designed by Cisco
• SoC was designed and operated by Cisco
• There was no interruption even though thousands of attacks were attempted
Security Expertise
Collaborative Partner Approach
Smart Personalized Services
Innovative Security Solutions
Security solutions to protect collaborative environments and applications
Reduce operating costs with recommendations to improve efficiency and operations
Services that support IT efficiency, agility, and overall network health
Deploy a highly available, secure converged architecture
Thank you.