Cisco on Cisco: Why Security is the Heart of our Approach

Cisco Confidential© 2015 Cisco and/or its affiliates. All rights reserved. 1
Cisco-on-Cisco:
Why Security is the
Heart of our Approach
Steve Martino
VP, Chief Information Security Officer
May 19, 2016

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
What Does 2030 Look Like?
‘‘There will be more than 500B connected devices in 2030’’
Connectable ThingsSmartphones Connected Devices
CAGR 2014-2030
Connections
per Human
Software IT
Spending
Cloud Software
CAGR 2014-2030
per Human
2.5T6.1B 18.5 % 26
$820B 17.1 % 10.4 Zettabytes 13.6 Terabytes
2019 Global
IT Traffic

Digitization Drives Growth…
and Requires Strong Cybersecurity
“My organization halted a mission-critical initiative
due to Cybersecurity fears.”…39% Agree
Survey Survey
How important is digitization
to your current growth strategy?
How much does the success
of digitization depend on strong cybersecurity?
69%
27%
Very important
Moderately important 64%
32%
Significant driver of success
Moderate driver of success

Security Breaches on the Rise
Source: PWC Information Security Breaches Survey 2015
Awareness
Training
Security
Spend
up 65% up 53%
Security
Breaches
up 81%
90%
Staff
Related
up 58%
75%
Human
Error
up 31%
50%
Unauthorized
Outsider
up 55%
69% 72% 44%
Large Organizations Suffering Breaches Reactions to Breaches

Well Publicized Security Breaches
Victim industry (filtered for network intrusions)
21.7% 12.2% 10.4% 9.9% 9.9% 8.1% 6.1% 22%
Retail
Manufacturing
Information
Food Services
Professional
Finance
Transportation
Unknown
Source: Verizon Data Breach Report

500B Devices Connected by 2030
$19T
Opportunity
Digital Disruption,
Massive Scale
Active
Adversaries
Security
Attack surface
Threat Actors
Attack Sophistication
Increasingly harder to detect
sophisticated threats
A Board level issue
Cloud must be Secure
No Device Type is Safe
Changing
Business Models
Dynamic Threat
Landscape
Pervasive Security
is Imperative
Security Challenges

Security: Cisco’s #1 Priority
“ We Securely Connect
Everything to Make
Anything Possible”

“ Become the
#1 Trusted IT Partner
in the World”

“ Requires a
Trustworthy Company
to Deliver Secure IT”

Security is not a Business Obstacle to Success
Security is a Business Enabler

Cisco’s Commitment to Security
Cisco’s #1
Priority
Billions
Invested
#1
Cybersecurity
Solutions
Provider
5K
People
Strong
Cognitive
Sourcefire
ThreatGRID
Neohapsis
OpenDNS
Portcullis
Lancope
Broad/Deep
Portfolio
Expanded
Services
Capabilities
Trusted
Advisor
Effective
Automated
Open
Simple
Securely
Connect
Everything
to Make
Anything
Possible

A Portfolio of Trust: The Differentiator
A Holistic Approach to Trust that Differentiates Cisco – the Six Pillars
Security
and Trust
Trusted
Enterprise
Customer Data
Protection
Transparency
and Validation
Trusted
Cloud
Trustworthy
Systems
Value Chain
Security

Trustworthy Systems
Technology
Secure
Process
Secure
Standards
Trusted Systems – Foundation of Trust
Process Policy
CSDL
Technology
ISO 27034
FIPS/USGv6
TCG
Visibility and Control
Secure Communications
Platform Integrity
Perform
GAP
Analysis
Register and
Update 3rd
Party
Software
Identify and
Address
Security
Threats
Prevent
Security
Attacks
Detect
Security
Defects
Validate
Requirements
and Resiliency
Lifecycle/Security Baseline Information Assurance (IA)Common Modules and Hardware

Growing Cloud Infrastructure
The Future
69 current cloud offerings growing to over 200 in
the next few years – 40% YoY growth
• Much of the growth is coming in the from of
existing On-Prem products moving to the Cloud
(i.e. Cloud VPN, Cloud MPLS, Cloud iWAN)
Success Today
Customers are now outsourcing to Cloud at an
accelerated rate. Not just in the number of capabilities
outsourced, but accelerating the transaction volume
18M+
WebEx meetings per month –
14% YoY growth
70M+
WebEx meeting attendees per month –
18% YoY growth
1B+
WebEx audio minutes per month –
47% YoY growth
4B+
WebEx meeting minutes per month –
24% YoY growth

Cloud Security Model to Drive Trust
Cloud Security Lifecycle
• Security Standards and
Architectures
• Threat Analysis and Protection
• Common Secure Services
Build
• Data Encryption and Protection
• Intrusion Detection and
Prevention Systems
• Security Governance
Operate
• Self Service Customer
Transparency
• Secure Cloud Supply Chain
• Application Layer Data and
Event Monitoring
Monitor
69 Clouds in Development or Operation
Continuous Security Automation

Trusted Enterprise: What We Must Protect
122K Workforce
170 Countries
~3M IP Addresses
215K Infra Devices
275K Total Hosts
2500+ IT Applications
26K Remote Office Connections
via Cisco Virtual Office
16 major Internet connections
~32 TB bandwidth used daily
1350 Labs
160+ Acquisitions
300 partner extranet connections
400 Cloud ASPs
WebEx, Meraki, OpenDNS and
Growing Portfolio of Offers

How Well are You Dealing with Threats?
• Social networking attacks
• Targeted spear phishing and Trojans
• Compromised hosts/remotely controlled
• Nation state attacks
Advanced Threats
• Managed/Unmanaged desktops
• Generic Spam/Malware
• DDoS
• Rapidly changing environment
Security Challenges
• Expanded data collection
• NetFlow, IP Attribution, DNS…
• Big data analytics and playbooks
• Rapid containment
• DNS/RPZ, Quarantine, On-line
host forensics
• Threat/situational awareness
Evolving Solutions
• Anti-virus
• NGFirewall/IDS/IPS
• IronPort WSA/ESA
• DLP
• Identity/Access
• Network segmentation
Foundational Solutions
5%
95%

One Day Defending Cisco
4TB
Data Collected
and Analyzed
NetFlow Analyzed
p/day
(Lancope)
15B
Traffic Inspected
p/day
27TB
Alerts p/day
(NG-IPS)
1.5M
Network
Events
1.7T
10K
Files Analyzed
p/day
(ThreatGRID)
5.8B
DNS Records
p/day
6M
Web Transactions
Blocked p/day
(WSA)
425
Devices Detecting and
Preventing Incidents
4.1M
Email Transactions
Blocked p/day
(ESA)

Who, What, Where,
When and…
Confidential
Data
Damage the brand
Exploit the Network
Steal
Customer
Data
Pivot Through
us to Attack
Customers
Fraud
Steal IP
Game the
Stock Price
Industrial Espionage
How

Analytics
Security Events
Business
Policies and
Procedures
Network
Instrumentation
Controls
Accountability
Security Metrics
Firewalls, Proxies,
ID/Access, Segmentation
ISMS to manage Risk
Across the Enterprise
Security Aligned to
Business/Tech Changes
Detects and
Remediate Threats
Foundation: People – Process - Technology
IT and Business Partnerships
Understanding of Threat Landscape and Critical Assets
Operationalizing Security

Security Policies
Integral part of Code of Business Conduct
• Information Security
• Acceptable Use
• Data Protection
• Access Management
• Password Management
• Network Access
• Application Security
• Server Security
• Computer Security Incident
Management
• Cloud Service Provider
• Cryptographic Controls
• Intellectual Assets Protection
• Lab Security
• Audit
Policy Creation
Policy
Implementation
CISO CIO
Aligns with ISO; maps to NIST, Others
People/Process/Tech
Partnership
Threat & Assets

Phishing Campaign
Q1
New Doctor
Q2
Background Check
Q3
Account Closing
Q4
Plan Recruitment
Cisco 13% 19% 10% 5%
Information Security 1% 8% 6% 1%
• Phishing is #1 source of endpoint compromise
• Different levels of sophistication and difficulty
each quarter
• Remember it only takes one Phish to
compromise YOU
People/Process/Tech
Partnership
Threat & Assets

Expanding Accountability
Services security primes
Service
Executive
1 or more primes
Service Owner
1 or more primes
Service Security
Prime
• CSO of the
Service
• Single point of
accountability
• Increase
communication
and awareness
around security
Partner Security
Architect
InfoSec Team
• Security SMEs
• Security architecture reviews
• Trusted advisors
• Establishes security
technology baselines
• Formal approval
for exceptions
• Establishes corporate
security policies and
guidelines
People/Process/Tech
Partnership
Threat & Assets

Balancing Operational
Requirements vs. Enhancements
Service Owner
Score Cards
*Pending
Service Execs
Vulnerabilities
and Performance
*Trending
CIO
Unified
Services Metrics
*Aging and Trending
People/Process/Tech
Partnership
Threat & Assets

Devices
Firewalls
Intrusion Detection and Prevention (IPS)
Email and Web Security
Anti Virus Identity and Access
VPN
Security Information
and Event Monitoring
Exploit
Trusted
Layer
Traditional Defense in Depth Approach
Trusted
Platform
Virtualized
Environment
Network
Environment
People/Process/Tech
Partnership
Threat & Assets

Devices
Firewalls
Intrusion Detection and Prevention (IPS)
Email and Web Security
Anti Virus Identity and Access
VPN
Security Information
and Event Monitoring
Exploit
Trusted
Layer
Next Wave of Security – Trusted Enterprise
ExternalizedPerimeter
Active ResponseIntegrated Threat
Defense
Any Device
Trusted
Platform
Virtualized
Environment
Network
Environment
People/Process/Tech
Partnership
Threat & Assets

Product As a Service
Meeting Place On-Prem
Hosted Collaboration
Call Manager On-Prem
Team Collaboration IWE
(WebEx Social)
Documentation In-House
140
182
237
308
400
0
100
200
300
400
500
2011 2012 2013 2014 2015
NumberofProviders
CAGR
= 30%
Cloud Providers
Hosted Unified
Communications
in the cloud
Cisco Enterprise Journey to Cloud

Privacy and Data
Security
Application
Security
Infrastructure
Security
Authentication
Authorization
Vulnerability
Management
Logging and
Auditability
Support and
Operations
Incident Analysis
and Forensics
Business
Continuity and
Resiliency
Externalized Perimeter
Next Wave – Enabling Clouds
(Cloud Assessment and Service Provider Remediation)

Cloud Vendors: CASPR Models
CASPR StandardCASPR
Lite
CASPR
Plus
Data Classification
Infrastructure
Business and
Risk Impact
Cisco Public or
Cisco Confidential only
Integration with Cisco
Internal networks not
permitted: (Examples: SSO,
VPN, Database
to Database connectivity)
Low and Medium
(Primarily focused on the
SaaS)
Cisco Public, Cisco
Confidential Only, Cisco
Highly Confidential,
or Cisco Restricted
All integration and
deployment models are
accepted dependent on
further review
Low and Medium
Risk CSPs
Cisco Highly Confidential or
Cisco Restricted only
All integration and
deployment models are
accepted dependent on
further review
High
(Monetary damage greater
than $400mil. The need for
continuous monitoring of
technical controls)

Growths based on a 3 month period (including some other device types)
18 month Sparkline
135,074
Laptops & Desktops
(COD or BYOD)
Any Device
Diversity of Cisco Users | As of January 2016
87,864
-0.5% Growth
10,107
-1.6% Growth
37,103
-0.6% Growth
68,344*
Mobile Devices
(BYOD)
380
-5.0% Growth
471
-11.1% Growth
11,056
0.6% Growth
40,850
0.2% Growth
15,587
-1.3% Growth

Trusted Device
More controls needed to scale
access and services
Remote Wipe (Cisco Data)
Anti-Malware
Encryption (Cisco Data)
Minimum OS
Software Patching
Rooted Device Detection (Mobile
Devices Only)
Device Registration
Password/Screen-lock Enforcement
Hardware/Software Inventory
Any Device
Next Wave - Trusted Device

Any Device
ISE Enabled
Differentiated Access
Trusted Device
More controls needed to
scale access and services
Remote Wipe (Cisco Data)
Anti-Malware
Encryption (Cisco Data)
Minimum OS
Software Patching
Rooted Device Detection (Mobile
Devices Only)
Device Registration
Password/Screen-lock Enforcement
Hardware/Software Inventory
Identity Application and Data Network
Content
Workforce
Data
ID Management
Cisco ISE
Devices
Instant
Messaging
Conferencing
Tagging
SDN
Cisco pxGrid
Policy
Management
Next Wave – Trusted Device and Differentiated Access

1% of all WSA
transactions blocked
Web and Email
Security Appliances
AMP for Networks
4
1
5
2
6
3
7 8
UCS
C220 M4
Intel
Inside
XEO N
Console!
4
1
5
2
6
3
7 8
UCS
C220 M4
Intel
Inside
XEO N
Console!
FireSight Management Center
Threat Grid AMP for Endpoints
NG-IPS 83xx and
VM series deployed
Passive and Inline
capabilities
25K+ quarterly alerts80 WSAs/
30 ESA Deployed
3K+ email files blocked
by AMP monthly
14 TG appliances
Deployed
On-Prem
Sandboxing
Eight Global Appliances Deployed
10K+ files analyzed
every 24hrs.
Analytics
Engine
Machine
Learning Engine
10K+ agents
deployed
Maximizing Existing
Investments
13 iPOPs
**Deployment Progress Completion (%)
50%**
10%**
100%**
100%**
100%**
Cloud Enabled
AMP &Threat Grid
Integrated Threat
Defense
Next Wave – Integrated Threat Defense

Playbook
Information
Sharing
Network
Services
Detection
Tools
Collect/Analyze
1.2T events throughout
network
47TB traffic inspected
15B NetFlows
analyzed/day
4.8B DNS records
4TB data collected and
analyzed
~200 Plays
Active
ResponseNext Wave – Security Analytics
Enabling Active Response to Threats
Mitigate Remediate

Digitization and Threats Security the Enabler
Business, IT and Security
Partnership Required –
Alignment and
Risk Management
Holistic and Balance
Approach Require
95/5
Instrument the Network
Visibility to remediate
threats/attacks
Trusted Partner Cisco
Cisco Confidential 36
Key Takeaways

Cisco on Cisco: Why Security is the Heart of our Approach

Recommandé

Recommandé

Contenu connexe

Plus de Cisco Canada

Plus de Cisco Canada (20)

Dernier

Dernier (20)

Cisco on Cisco: Why Security is the Heart of our Approach