Nikos Mourtzinos, CCIE #9763
Cisco Cyber Security Sales Specialist
March 2018
How to build a multi-layer Security Architecture to detect and remediate threats in real time
Agenda
• Cisco Strategy
• Umbrella
• AMP for Endpoints
• Multi-layer Security Architecture
Cisco Integrated Security Architecture (diagram, built up over several slides)
Vision: Security Everywhere
Strategy: Hardware, Software, Xware
Execution: Threat Prevention, Detection, Containment, Response
Metrics: Perimeter, Endpoint, Internal Network, Cloud
The same grid applied to other approaches:
Most Security Vendors – Legacy Architecture: Vision ???; Strategy Hardware, Software, Xware; Execution Threat Prevention, Detection, Containment, Response; Metrics Perimeter, Endpoint, Internal Network, Cloud
All Cyber Security Startups: Vision (blank); same Strategy, Execution and Metrics rows
Cisco Umbrella: Vision Cisco Umbrella; same Strategy, Execution and Metrics rows
Cisco AMP for Endpoints: Vision Cisco AMP for Endpoints; same Strategy, Execution and Metrics rows
By 2018, Gartner estimates: 25% of corporate data traffic will bypass perimeter security.
DNS is used by every device on your network. It all starts with DNS.
Umbrella (diagram: a DNS lookup of Cisco.com resolving to 72.163.4.161)
Key points
• DNS = Domain Name System
• First step in connecting to the internet
• Precedes file execution and IP connection
• Used by all devices
• Port agnostic
Umbrella (OpenDNS), resolver address 208.67.222.222
The fastest and easiest way to block threats
• Visibility and protection everywhere
• Deployment in minutes
• Integrations to amplify existing investments
Malware, C2 callbacks and phishing are blocked "Here" (diagram: HQ, branch, roaming and off-net users on their way to the Internet, with the block points marked at each location; AMP, Firepower, AMP for Firepower and Lancope mark the other Cisco products in the picture)
Who, How, Where, When (diagram: signals used to judge a domain, with sample values example.com, Example.org, 192.1.0.68, 17.0.2.12, Beijing, London, San Jose, Kiev, HTTP, SSL, HTTPS)
• Suspicious domain owner
• Server in high-risk location
• Dynamic IP address
• Domain registered < 1 min, < 1 month, or > 2 years
• Web server < 1 month old
IP Reputation Score (diagram: a scale from -10 to +10)
Statistical Models
• Co-occurrence model: identifies other domains looked up in rapid succession of a given domain
• Natural language processing model: detects domain names that spoof terms and brands
• Spike rank model: detects domains with sudden spikes in traffic
• Predictive IP space monitoring: analyzes how servers are hosted to detect future malicious domains
• Dozens more models
2M+ live events per second, 11B+ historical events
Co-occurrence model: domains guilty by inference
(diagram: a timeline of lookups a.com b.com c.com x.com d.com e.com f.com, from "time -" to "time +"; the known malicious domain sits in the middle and the domains requested just before and after it are marked as possible malicious domains)
Co-occurrence of domains means that a statistically significant number of identities have requested both domains consecutively in a short timeframe.
Spike rank model: patterns of guilt
(diagram: DNS requests for y.com plotted over days)
A massive amount of DNS request volume data is gathered and analyzed. When the DNS request volume matches a known exploit kit pattern (categories: DGA, malware, exploit kit, phishing), it predicts a future attack, and y.com is blocked before it can launch the full attack.
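The co-occurrence and spike rank models above, as an added toy implementation written for this page (not Cisco Umbrella's own code or scoring). The DNS log lines, host names and domain names are constructed, and the thresholds (a 60-second window, three identities, three standard deviations and a 5x volume ratio) are assumptions chosen for the example:

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed sample DNS log, one query per line: "timestamp identity domain".
# Made-up values, not real traffic. known-bad.example plays the known
# malicious domain; cdn-x.example is looked up right next to it by many hosts.
SAMPLE_LOG = """\
2018-03-01T09:00:00 host-a known-bad.example
2018-03-01T09:00:03 host-a cdn-x.example
2018-03-01T09:00:05 host-a news.example
2018-03-01T09:10:00 host-b known-bad.example
2018-03-01T09:10:02 host-b cdn-x.example
2018-03-01T09:29:58 host-c cdn-x.example
2018-03-01T09:30:00 host-c known-bad.example
2018-03-01T09:40:00 host-d known-bad.example
2018-03-01T09:40:04 host-d cdn-x.example
2018-03-01T11:00:00 host-e news.example
2018-03-01T11:00:02 host-e mail.example
2018-03-01T11:30:00 host-a mail.example
"""


def parse_log(text):
    """Return a list of (timestamp, identity, domain) tuples."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, identity, domain = line.split()
        rows.append((datetime.fromisoformat(ts), identity, domain))
    return rows


def co_occurring_domains(rows, seed_domain, window_seconds=60, min_identities=3):
    """Co-occurrence model: domains requested by the same identity within
    +/- window_seconds of a request for seed_domain (before or after it).
    A domain is reported only when at least min_identities distinct
    identities show the pattern, so one user's coincidental lookups are
    not enough. Returns {domain: number_of_identities} over the threshold."""
    window = timedelta(seconds=window_seconds)
    by_identity = defaultdict(list)
    for ts, identity, domain in rows:
        by_identity[identity].append((ts, domain))
    identities_per_domain = defaultdict(set)
    for identity, queries in by_identity.items():
        queries.sort()
        seed_times = [ts for ts, d in queries if d == seed_domain]
        for ts, domain in queries:
            if domain == seed_domain:
                continue
            if any(abs(ts - st) <= window for st in seed_times):
                identities_per_domain[domain].add(identity)
    return {d: len(ids) for d, ids in identities_per_domain.items()
            if len(ids) >= min_identities}


def spike_rank(daily_counts, sigma=3.0, min_ratio=5.0):
    """Spike rank model (simplified): flag a domain whose latest daily request
    volume jumps far above its own history. The last element is today, the
    rest is the baseline. Both a sigma test and a minimum ratio are required,
    so a flat, busy domain with one slightly higher day is not flagged.
    Returns (is_spike, ratio_of_today_to_baseline_mean)."""
    if len(daily_counts) < 4:
        return False, 0.0
    baseline, today = daily_counts[:-1], daily_counts[-1]
    mu = mean(baseline)
    sd = pstdev(baseline)
    ratio = today / mu if mu else float("inf")
    is_spike = today > mu + sigma * sd and ratio >= min_ratio
    return is_spike, round(ratio, 2)


if __name__ == "__main__":
    rows = parse_log(SAMPLE_LOG)
    print(co_occurring_domains(rows, "known-bad.example"))
    print(spike_rank([2, 3, 2, 4, 3, 250]))   # y.com-style sudden spike
    print(spike_rank([50, 48, 52, 49, 51, 55]))  # busy but stable domain
```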
Cisco Umbrella
The fastest and easiest way to block threats
• 100% uptime
• Resolves 80B+ DNS requests daily with no added latency
• 7M+ unique malicious destinations blocked across 25 data centers
• Prevents malware, phishing, C2 callbacks over any port
• Identify cloud & IoT usage risks
• URL filtering
• Proxy risky domains / SSL decryption for file inspection using AV and AMP
• Enforcement per internal IP and AD user/group
• API
• Investigate – threat intelligence on all domains, IPs, file hashes
Visibility and protection for all activity, anywhere (diagram: Umbrella in front of HQ, mobile, branch, roaming and IoT devices, on-network and off-network, over all ports and protocols)
• All office locations
• Any device on your network
• Roaming laptops
• Every port and protocol
First line of defense against internet threats
Cisco Umbrella
• See: visibility to protect access everywhere
• Learn: intelligence to see attacks before they launch
• Block: stop threats before connections are made
Most Innovative Security Product Of 2017
Trusted by enterprises worldwide
• Fortune 500 companies in retail, healthcare, energy, and entertainment
• Over 600 leading professional services including law and consulting firms
• Over 500 leading finance, banking, and insurance companies
• Over 500 leading manufacturing and technology companies
AMP : Next Gen Endpoint Protection
Advanced Malware Protection: protection across the extended network (diagram: network edge and endpoints)
Supported endpoints: Windows OS, Android, Apple iOS, Virtual, MAC OS, CentOS and Red Hat Linux for servers and datacenters
Remote endpoints: AMP for Endpoints can be launched from Cisco AnyConnect®
What's different between Next-Gen Endpoint Security vs Traditional AV?
How has the threat landscape changed, and why are these next-gen technologies important in protecting against the latest threats?
• The volume of malware, and its ability to mutate and disguise itself in new ways, has become extraordinary.
• The attackers have become more sophisticated. Businesses are no longer just protecting against a computer getting infected. Now they're protecting against their business being breached.
Nyetya, Petya, WannaCry and other sophisticated ransomware
• The WannaCry attack took advantage of a recently-patched Windows vulnerability to spread via the network, and then dropped previously-unseen malware that encrypted users' files.
• This shows that a comprehensive security program, covering everything from your users' behavior to what enters your organization via email or web to how your endpoints are protected, is critical.
Machine Learning
• Machine learning does not rely on signatures; it can stop malware that has never been seen before by determining how similar it is to the universe of known threats.
• Machine learning is best when trained on very large data sets that have been analyzed and accurately categorized by experts.
• Machine learning has the ability to detect both known and unknown malware before the file executes.
User and entity behavior analytics (UEBA)
• User and entity behavior analytics (UEBA) is great at detecting anomalies.
• The key to UEBA is that it is attempting to see what is normal and what is abnormal for a specific user, versus a universal population.
AMP for Endpoints - Exploit Prevention to Stop File-Less Attacks
Cisco AMP for Endpoints now introduces “exploit prevention” capabilities that will defend your endpoints from file-less attacks that use memory injection on unpatched software vulnerabilities.
These types of attacks include:
• web-borne attacks, such as Java exploits that use shellcode to run payload
• malicious Adobe and Office document files
• malicious sites containing Flash, Silverlight and JavaScript attacks
• vulnerabilities exploited by file-less and non-persistent malware
• zero-day attacks on software vulnerabilities yet to be patched
• ransomware, Trojans, or macros using in-memory techniques
Some of the more common processes that Cisco AMP for Endpoints protects include:
• Microsoft Excel Application
• Microsoft Word Application
• Microsoft PowerPoint Application
• Microsoft Outlook Application
• Internet Explorer Browser
• Mozilla Firefox Browser
• Google Chrome Browser
• Microsoft Skype Application
• TeamViewer Application
• VLC Media Player Application
• Microsoft Windows Script Host
• Microsoft PowerShell Application
• Adobe Acrobat Reader Application
• Microsoft Register Server
• Microsoft Task Scheduler Engine
Malicious Activity Protection (MAP) defends your endpoints from ransomware attacks:
• observes the behavior of running processes
• identifies malicious actions of processes when they execute, and
• stops them from encrypting your data.
The need for next-gen endpoint security
• Next-gen endpoint protection is a valuable part of this multi-layered strategy.
• Machine learning detects and stops previously unseen malware.
• Behavior-based protection catches ransomware “in the act” and prevents files from being encrypted.
• Exploit Prevention to stop file-less attacks.
• Malicious Activity Protection
What do you get with AMP for Endpoints?
• Includes antivirus and 0-day threat detection
• Identifies known and unknown threats
• Continuous visibility into file activity, file operations, processes, vulnerabilities
• Visibility both on and off the network
• Quarantine threats on the endpoint
• Prevention, monitoring + detection, response
• Track active processes and see history
Capabilities: File Reputation, Exploit Prevention, Machine Learning, Malicious Activity Protection, Sandboxing, Indications of Compromise, AV Engine, Continuous Analysis, Command Line Visibility
Compare Endpoint Security Solutions
https://www.cisco.com/c/m/en_us/products/security/advanced-malware-protection/competitive-comparison.html
AMP : Third Party Validation
IDC Names Cisco AMP for Endpoints a Leader in 2017 Endpoint Security Marketscape
https://blogs.cisco.com/security/idc-names-cisco-amp-for-endpoints-a-leader-in-2017-endpoint-security-marketscape
https://engage2demand.cisco.com/LP=3933
Security Architecture: Network Edge (diagram, built up over several slides)
1. Firepower, with FMC for management, reporting and analytics
2. AMP for Endpoints (Windows OS, Android, Mobile, Virtual, MAC OS, CentOS and Red Hat Linux for servers and datacenters; on remote endpoints AMP for Endpoints can be launched from Cisco AnyConnect®)
3. Email Security
4. Cisco Identity Services Engine (Cisco ISE)
5. Stealthwatch
6. Cloud Security
Solution Integration: Cisco Portfolio (diagram: Network (ISR/ASR), Advanced Malware, Umbrella, Web (WWW), ISE, Email, NGFW/NGIPS, Threat Grid, Stealthwatch, Meraki and Cloudlock, integrated by sharing Event, Threat Intel, Policy and Context)
Nikos Mourtzinos, Cyber Security Sales Specialist
nmourtzi@cisco.com
LinkedIn: nmourtzi
Twitter: @nmourtzinos
Asthma presentación en inglés abril 2025 pdfAsthma presentación en inglés abril 2025 pdf
Asthma presentación en inglés abril 2025 pdf
VanessaRaudez
 
Buckeye Dreamin 2024: Assessing and Resolving Technical Debt
Buckeye Dreamin 2024: Assessing and Resolving Technical DebtBuckeye Dreamin 2024: Assessing and Resolving Technical Debt
Buckeye Dreamin 2024: Assessing and Resolving Technical Debt
Lynda Kane
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptxSpecial Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
shyamraj55
 
Automation Dreamin': Capture User Feedback From Anywhere
Automation Dreamin': Capture User Feedback From AnywhereAutomation Dreamin': Capture User Feedback From Anywhere
Automation Dreamin': Capture User Feedback From Anywhere
Lynda Kane
 
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
Alan Dix
 
Linux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdfLinux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdf
RHCSA Guru
 
Cyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of securityCyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of security
riccardosl1
 
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfThe Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
Abi john
 
Automation Dreamin' 2022: Sharing Some Gratitude with Your Users
Automation Dreamin' 2022: Sharing Some Gratitude with Your UsersAutomation Dreamin' 2022: Sharing Some Gratitude with Your Users
Automation Dreamin' 2022: Sharing Some Gratitude with Your Users
Lynda Kane
 
Rusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond SparkRusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond Spark
carlyakerly1
 
Datastucture-Unit 4-Linked List Presentation.pptx
Datastucture-Unit 4-Linked List Presentation.pptxDatastucture-Unit 4-Linked List Presentation.pptx
Datastucture-Unit 4-Linked List Presentation.pptx
kaleeswaric3
 
"Rebranding for Growth", Anna Velykoivanenko
"Rebranding for Growth", Anna Velykoivanenko"Rebranding for Growth", Anna Velykoivanenko
"Rebranding for Growth", Anna Velykoivanenko
Fwdays
 
How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?
Daniel Lehner
 
Hands On: Create a Lightning Aura Component with force:RecordData
Hands On: Create a Lightning Aura Component with force:RecordDataHands On: Create a Lightning Aura Component with force:RecordData
Hands On: Create a Lightning Aura Component with force:RecordData
Lynda Kane
 
Drupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy ConsumptionDrupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy Consumption
Exove
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
Electronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploitElectronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploit
niftliyevhuseyn
 
2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx
Samuele Fogagnolo
 
Asthma presentación en inglés abril 2025 pdf
Asthma presentación en inglés abril 2025 pdfAsthma presentación en inglés abril 2025 pdf
Asthma presentación en inglés abril 2025 pdf
VanessaRaudez
 
Ad

Cisco Security Presentation

  • 1. Nikos Mourtzinos, CCIE #9763, Cisco Cyber Security Sales Specialist, March 2018. How to build a multi-layer Security Architecture to detect and remediate threats in real time
  • 2. Agenda: Cisco Strategy; Umbrella; AMP for Endpoints; Multi-layer Security Architecture
  • 3. Cisco Integrated Security Architecture. Vision: ???. Strategy: Hardware, Software. Execution: (blank). Metrics: (blank)
  • 4. Cisco Integrated Security Architecture. Vision: ???. Strategy: Hardware, Software. Execution: Threat Prevention. Metrics: (blank)
  • 5. Cisco Integrated Security Architecture. Vision: ???. Strategy: Hardware, Software. Execution: Threat Prevention. Metrics: Perimeter, Endpoint
  • 6. Cisco Integrated Security Architecture. Vision: ???. Strategy: Hardware, Software. Execution: Threat Prevention, Detection. Metrics: Perimeter, Endpoint
  • 7. Cisco Integrated Security Architecture. Vision: ???. Strategy: Hardware, Software. Execution: Threat Prevention, Detection. Metrics: Perimeter, Endpoint, Internal Network, Cloud
  • 8. Cisco Integrated Security Architecture. Vision: Security Everywhere. Strategy: Hardware, Software, Xware. Execution: Threat Prevention, Detection, Containment, Response. Metrics: Perimeter, Endpoint, Internal Network, Cloud
  • 9. Most Security Vendors – Legacy Architecture. Vision: ???. Strategy: Hardware, Software, Xware. Execution: Threat Prevention, Detection, Containment, Response. Metrics: Perimeter, Endpoint, Internal Network, Cloud
  • 10. All Cyber Security Startups. Vision: (blank). Strategy: Hardware, Software, Xware. Execution: Threat Prevention, Detection, Containment, Response. Metrics: Perimeter, Endpoint, Internal Network, Cloud
  • 11. Cisco Integrated Security Architecture. Vision: Security Everywhere. Strategy: Hardware, Software, Xware. Execution: Threat Prevention, Detection, Containment, Response. Metrics: Perimeter, Endpoint, Internal Network, Cloud
  • 12. Cisco Umbrella. Vision: Cisco Umbrella. Strategy: Hardware, Software, Xware. Execution: Threat Prevention, Detection, Containment, Response. Metrics: Perimeter, Endpoint, Internal Network, Cloud
  • 13. Cisco AMP for Endpoints. Vision: Cisco AMP for Endpoints. Strategy: Hardware, Software, Xware. Execution: Threat Prevention, Detection, Containment, Response. Metrics: Perimeter, Endpoint, Internal Network, Cloud
  • 14. By 2018, Gartner estimates: 25% of corporate data traffic will bypass perimeter security.
  • 15. DNS is used by every device on your network.
  • 16. It all starts with DNS. (Diagram: Umbrella resolving Cisco.com to 72.163.4.161.) DNS = Domain Name System: the first step in connecting to the internet; precedes file execution and IP connection; used by all devices; port agnostic.
  • 17. Umbrella (OpenDNS), 208.67.222.222: the fastest and easiest way to block threats (malware, C2 callbacks, phishing). Key points: visibility and protection everywhere; deployment in minutes; integrations to amplify existing investments.
  • 18. (Diagram: AMP, Firepower, AMP 4 FP and Lancope enforcement points, each marked "Here", across HQ, Branch, Roaming and Off-net users and the Internet edge.)
  • 19. (Diagram: domain and IP reputation signals, grouped as Who, How, Where and When: suspicious domain owner; server in high-risk location (Beijing, London, San Jose, Kiev shown); dynamic IP address; HTTP, SSL and HTTPS; domain registered < 1 min, < 1 month or > 2 years; web server < 1 month. Example hosts shown: example.com 192.1.0.68 and Example.org 17.0.2.12. Axis: IP Reputation Score from -10 to 10.)
  • 20. Statistical Models. Co-occurrence model: identifies other domains looked up in rapid succession of a given domain. Natural language processing model: detects domain names that spoof terms and brands. Spike rank model: detects domains with sudden spikes in traffic. Predictive IP space monitoring: analyzes how servers are hosted to detect future malicious domains. Dozens more models. 2M+ live events per second; 11B+ historical events.
  • 21. Co-occurrence model: domains guilty by inference. (Diagram: domains a.com, b.com, c.com, x.com, d.com, e.com and f.com placed on a "time -" / "time +" axis around a known malicious domain, with the neighbours labelled "possible malicious domain".) Co-occurrence of domains means that a statistically significant number of identities have requested both domains consecutively in a short timeframe.
  • 22. Spike rank model: patterns of guilt. (Chart: DNS requests for y.com over days.) A massive amount of DNS request volume data is gathered and analyzed; the DNS request volume matches a known exploit kit pattern and predicts a future attack (DGA, malware, exploit kit, phishing); y.com is blocked before it can launch a full attack.
  • 23. Cisco Umbrella, the fastest and easiest way to block threats: 100% uptime; resolves 80B+ DNS requests daily with no added latency; 7M+ unique malicious destinations blocked across 25 data centers; prevents malware, phishing and C2 callbacks over any port; identifies cloud and IoT usage risks; URL filtering; proxies risky domains / SSL decryption for file inspection using AV and AMP; enforcement per internal IP and AD user/group; API; Investigate, threat intelligence on all domains, IPs and file hashes.
  • 24. Visibility and protection for all activity, anywhere: HQ, mobile, branch, roaming, IoT; all ports and protocols, on-network and off-network. Umbrella covers all office locations, any device on your network, roaming laptops, every port and protocol.
  • 25. First line of defense against internet threats. Cisco Umbrella: See (visibility to protect access everywhere), Learn (intelligence to see attacks before they launch), Block (stop threats before connections are made).
  • 26. Most Innovative Security Product Of 2017
  • 27. Trusted by enterprises worldwide: Fortune 500 companies in retail, healthcare, energy, and entertainment; over 600 leading professional services firms, including law and consulting firms; over 500 leading finance, banking, and insurance companies; over 500 leading manufacturing and technology companies.
  • 28. AMP: Next Gen Endpoint Protection. Advanced Malware Protection, protection across the extended network (diagram: Network Edge, Endpoints, Remote Endpoints). AMP for Endpoints runs on Windows OS, Android, Apple iOS, virtual, Mac OS, and CentOS / Red Hat Linux for servers and datacenters; AMP for Endpoints can be launched from Cisco AnyConnect®.
  • 29. What's different between Next-Gen Endpoint Security and Traditional AV?
  • 30. How has the threat landscape changed, and why are these next-gen technologies important in protecting against the latest threats?
    • The volume of malware, and its ability to mutate and disguise itself in new ways, has become extraordinary.
    • The attackers have become more sophisticated. Businesses are no longer just protecting against a computer getting infected. Now they're protecting against their business being breached.
  • 31. Nyetya, Petya, WannaCry and other sophisticated ransomware
    • The WannaCry attack took advantage of a recently patched Windows vulnerability to spread via the network, and then dropped previously unseen malware that encrypted users' files.
    • This shows that a comprehensive security program, covering everything from your users' behavior to what enters your organization via email or web to how your endpoints are protected, is critical.
  • 32. Machine Learning
    • Machine learning does not rely on signatures; it can stop malware that has never been seen before by determining how similar it is to the universe of known threats.
    • Machine learning is best when trained on very large data sets that have been analyzed and accurately categorized by experts.
    • Machine learning has the ability to detect both known and unknown malware before the file executes.
  • 33. User and entity behavior analytics (UEBA)
    • UEBA is great at detecting anomalies.
    • The key to UEBA is that it attempts to learn what is normal and what is abnormal for a specific user, rather than for a universal population.
  • 34. AMP for Endpoints - Exploit Prevention to Stop File-Less Attacks. Cisco AMP for Endpoints now introduces "exploit prevention" capabilities that will defend your endpoints from file-less attacks that use memory injection on unpatched software vulnerabilities. These types of attacks include:
    • web-borne attacks, such as Java exploits that use shellcode to run a payload
    • malicious Adobe and Office document files
    • malicious sites containing Flash, Silverlight and JavaScript attacks
    • vulnerabilities exploited by file-less and non-persistent malware
    • zero-day attacks on software vulnerabilities yet to be patched
    • ransomware, Trojans, or macros using in-memory techniques
  • 35. AMP for Endpoints - Exploit Prevention to Stop File-Less Attacks. Some of the more common processes that Cisco AMP for Endpoints protects include: Microsoft Excel, Microsoft Word, Microsoft PowerPoint and Microsoft Outlook applications; Internet Explorer, Mozilla Firefox and Google Chrome browsers; Microsoft Skype, TeamViewer and VLC Media Player applications; Microsoft Windows Script Host; Microsoft PowerShell; Adobe Acrobat Reader; Microsoft Register Server; Microsoft Task Scheduler Engine.
  • 36. Malicious Activity Protection (or MAP) defends your endpoints from ransomware attacks:
    • observes the behavior of running processes,
    • identifies malicious actions of processes when they execute, and
    • stops them from encrypting your data.
  • 37. The need for next-gen endpoint security
    • Next-gen endpoint protection is a valuable part of this multi-layered strategy.
    • Machine learning detects and stops previously unseen malware.
    • Behavior-based protection catches ransomware "in the act" and prevents files from being encrypted.
    • Exploit Prevention stops file-less attacks.
    • Malicious Activity Protection
  • 38. What do you get with AMP for Endpoints? Includes antivirus and 0-day threat detection; identifies known and unknown threats; continuous visibility into file activity, file operations, processes and vulnerabilities; visibility both on and off the network; quarantine of threats on the endpoint; prevention, monitoring + detection, response.
  • 39. Track active processes and see history
  • 40. What do you get with AMP for Endpoints? File Reputation; Exploit Prevention; Machine Learning; Malicious Activity Protection; Sandboxing; Indications of Compromise; AV Engine; Continuous Analysis; Command Line Visibility
  • 41. What do you get with AMP for Endpoints? File Reputation; Exploit Prevention; Machine Learning; Malicious Activity Protection; Sandboxing; Continuous Analysis; AV Engine; Command Line Visibility; Indications of Compromise
  • 42. Compare Endpoint Security Solutions: https://www.cisco.com/c/m/en_us/products/security/advanced-malware-protection/competitive-comparison.html
  • 43. AMP: Third Party Validation
  • 44. IDC Names Cisco AMP for Endpoints a Leader in 2017 Endpoint Security Marketscape. https://blogs.cisco.com/security/idc-names-cisco-amp-for-endpoints-a-leader-in-2017-endpoint-security-marketscape and https://engage2demand.cisco.com/LP=3933
  • 45. Security Architecture (Network Edge): 1. Firepower, with FMC for management, reporting and analytics.
  • 46. Security Architecture: 1. Firepower (Network Edge), with FMC for management, reporting and analytics. 2. AMP for Endpoints (Endpoints and Remote Endpoints: Windows OS, Android, mobile, virtual, Mac OS, CentOS / Red Hat Linux for servers and datacenters; AMP for Endpoints can be launched from Cisco AnyConnect®).
  • 47. Security Architecture: 1. Firepower. 2. AMP for Endpoints. 3. Email Security.
  • 48. Security Architecture: 1. Firepower. 2. AMP for Endpoints. 3. Email Security. 4. Cisco Identity Services Engine (Cisco ISE).
  • 49. Security Architecture: 1. Firepower. 2. AMP for Endpoints. 3. Email Security. 4. Cisco ISE. 5. Stealthwatch.
  • 50. Security Architecture: 1. Firepower. 2. AMP for Endpoints. 3. Email Security. 4. Cisco ISE. 5. Stealthwatch. 6. Cloud Security.
  • 51. Solution Integration: Cisco Portfolio. (Diagram: Network (ISR/ASR), Advanced Malware, Umbrella, Web, ISE, Email, NGFW/NGIPS, Threat Grid, Stealthwatch, Meraki and Cloudlock, exchanging Event, Threat Intel, Policy and Context.)
  • 52. Nikos Mourtzinos, Cyber Security Sales Specialist. [email protected]. LinkedIn: nmourtzi. Twitter: @nmourtzinos
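Slides 21 and 22 describe two of the Umbrella statistical models (co-occurrence and spike rank) in words only. The following Python is an added example written for this page, not Cisco's or Umbrella's code, that reproduces both ideas in miniature over a constructed DNS query log and a constructed week of per-domain request counts. Everything in it is an assumption: the host names and domains (host-a, evil-c2.example, stage2.example, y.example, ...), the ten-second co-occurrence window, the fixed two-identity threshold that stands in for the deck's "statistically significant number of identities", and the median-of-history baseline with a 10x spike threshold.

```python
"""Toy co-occurrence and spike-rank models over a constructed DNS query log."""
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample DNS query log: "<ISO timestamp> <identity> <domain>" per line.
# Hypothetical hosts and domains; not data from Umbrella or from the deck.
SAMPLE_LOG = """\
2018-03-01T09:00:00 host-a evil-c2.example
2018-03-01T09:00:02 host-a stage2.example
2018-03-01T09:00:05 host-a update.vendor.example
2018-03-01T09:30:00 host-b evil-c2.example
2018-03-01T09:30:01 host-b stage2.example
2018-03-01T09:30:04 host-b news.example
2018-03-01T10:15:00 host-c evil-c2.example
2018-03-01T10:15:03 host-c stage2.example
2018-03-01T11:00:00 host-d update.vendor.example
2018-03-01T11:00:20 host-d news.example
"""

# Constructed per-day request volumes over one week (six days of history plus
# the current day), standing in for the chart on slide 22. Assumed values.
DAILY_VOLUME = {
    "news.example": [1200, 1150, 1300, 1250, 1280, 1310, 1290],
    "update.vendor.example": [300, 310, 295, 305, 900, 320, 310],
    "y.example": [0, 0, 1, 0, 2, 1, 450],  # dormant, then a sudden burst
}


def parse_log(text):
    """Parse the three-column log into (timestamp, identity, domain) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, identity, domain = line.split()
        events.append((datetime.fromisoformat(ts), identity, domain.lower()))
    return events


def cooccurring_domains(events, seed_domain, window_s=10, min_identities=2):
    """Co-occurrence model (slide 21): domains requested by the same identity
    within window_s seconds of a request for seed_domain. A domain is reported
    only when at least min_identities distinct identities show the pattern;
    that fixed threshold is an assumption standing in for the 'statistically
    significant number of identities' the deck refers to. Returns a dict of
    domain -> number of distinct identities that co-requested it."""
    by_identity = defaultdict(list)
    for ts, identity, domain in events:
        by_identity[identity].append((ts, domain))

    identities_per_domain = defaultdict(set)
    for identity, queries in by_identity.items():
        queries.sort()
        seed_times = [ts for ts, d in queries if d == seed_domain]
        if not seed_times:
            continue
        for ts, domain in queries:
            if domain == seed_domain:
                continue
            # Requests on either side of the seed count (the "time -" / "time +" axis).
            if any(abs((ts - st).total_seconds()) <= window_s for st in seed_times):
                identities_per_domain[domain].add(identity)

    return {d: len(ids) for d, ids in identities_per_domain.items()
            if len(ids) >= min_identities}


def spike_score(daily_counts, min_baseline=1.0):
    """Spike rank model (slide 22): ratio of the latest day's volume to the
    median of the preceding days. The median keeps a single earlier busy day
    (a legitimate update rollout) from masking a spike, and min_baseline stops
    a domain with no history from dividing by zero."""
    *history, latest = daily_counts
    baseline = max(median(history), min_baseline) if history else min_baseline
    return latest / baseline


def rank_spikes(domain_series, threshold=10.0):
    """Domains whose spike score reaches the threshold, highest first."""
    scored = [(d, spike_score(s)) for d, s in domain_series.items()]
    return sorted([(d, r) for d, r in scored if r >= threshold],
                  key=lambda pair: pair[1], reverse=True)


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    print("co-occurring with evil-c2.example:",
          cooccurring_domains(events, "evil-c2.example"))
    print("spiking domains:", rank_spikes(DAILY_VOLUME))
```

On the sample log, stage2.example is the only domain that three different hosts request within seconds of the known-bad seed, while update.vendor.example and news.example are each seen next to it by a single host and stay below the threshold; in the volume series only y.example, which had almost no history before a 450-request day, scores as a spike, and the one-day 900-request bump for update.vendor.example is absorbed by the median baseline. A production version would also exclude very popular domains from the co-occurrence output, since they co-occur with everything.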