© 2015 Cisco and/or its affiliates. All rights reserved. 1 The Importance of Threat-Centric Security William Young Security Solutions Architect It’s Our Time
Dec 18, 2015

The Importance of Threat-Centric Security

William Young

Security Solutions Architect

It’s Our Time

Security Perspective

The Problem is Threats

Today’s Advanced Malware is Not Just a Single Entity

It is a Community that hides in plain sight, avoids detection and attacks swiftly

100% of companies connect to domains that host malicious files or services

54% of breaches remain undiscovered for months

60% of data is stolen in hours

100 percent of companies surveyed by Cisco have connections to domains that are known to host malicious files or services. (2014 CASR)

Impact of a Breach

[Timeline figure: START, HOURS, MONTHS, YEARS]

Breach occurs

60% of data in breaches is stolen in hours

54% of breaches remain undiscovered for months

Information of up to 750 million individuals on the black market over last three years

Source: Verizon Data Breach Report 2014

Breach/Detection Time Delta is Not Improving

[Chart: percent of breaches where time to compromise (orange) / time to discovery (blue) was days or less, by year from 2004 to 2013; vertical axis 25% to 100%]

Source: Verizon 2014 Data Breach Investigations Report

If you knew you were going to be compromised, would you do security differently?

A Threat-Centric Approach

ATTACK CONTINUUM

Discover, Enforce, Harden

Detect, Block, Defend

Scope, Contain, Remediate

Visibility and Context

Firewall, App Control, VPN, Patch Mgmt, Vuln Mgmt, IAM/NAC, IPS, Antivirus, Email/Web, IDS, FPC, Forensics, AMD, Log Mgmt, SIEM

Cisco: Covering the Entire Attack Continuum

ATTACK CONTINUUM

Discover, Enforce, Harden

Detect, Block, Defend

Scope, Contain, Remediate

FireSIGHT and pxGrid

ASA, NGFW, Secure Access + Identity Services, VPN, Meraki, NGIPS, ESA/WSA, CWS, Advanced Malware Protection, Cognitive, ThreatGRID

A Threat-Centric Approach

ATTACK CONTINUUM

Point-in-Time, Continuous

Discover, Enforce, Harden

Detect, Block, Defend

Scope, Contain, Remediate

Network, Endpoint, Mobile, Virtual, Cloud

Today’s Security Appliances

WWW

Context-Aware Functions

IPS Functions

Malware Functions

VPN Functions

Traditional Firewall Functions

Visibility and Context are the Foundation

Workflow (automation) Engine

APIs

Visibility: Broad visibility for context

Control: Set policy to reduce surface area of attack

Threat: Focus on the threat – security is about detecting, understanding, and stopping threats

Breach: Understand scope, contain & remediate

Visibility Must Be Pervasive

Workflow (automation) Engine

APIs

Visibility: Discover, Monitor, Inventory, Map

Control: Control, Enforce, Harden

Threat: Detect, Block, Defend

Breach: Scope, Contain, Remediate

BEFORE

ASA, NGFW, VPN, Meraki, ISE, NAC

Network / Devices (FireSIGHT/PXGrid)

Users / Applications (FireSIGHT/PXGRID/ISE)

Files / Data (FireSIGHT/AMP)

DURING, AFTER

AMP, ThreatGrid, CTA, NGIPS, ESA/WSA, Reputation

A Threat-Centric Approach Reduces Complexity and Increases Capability

Collective Security Intelligence

Centralized Management: Appliances, Virtual

Network Control Platform: Appliances, Virtual

Device Control Platform: Host, Mobile, Virtual

Cloud Services Control Platform: Hosted

The Time is Now for Cisco’s Threat-Centric Approach

Consistent Control: Consistent Policies Across the Network and Data Center

Complexity Reduction: Fits and Adapts to Changing Business Models

Unmatched Visibility: Global Intelligence With the Right Context

Advanced Threat Protection: Detects and Stops Advanced Threats

Thank you.