Duo Access Gateway (SAML): Cisco ASA Only


Duo Security: Journey toward Zero Trust
Karl Lewis, Solutions Engineer - APJC
BRKSEC-2718
#CLMEL

Cisco Webex Teams
Questions? Use Cisco Webex Teams (formerly Cisco Spark) to chat with the speaker after the session.
How:
1. Find this session in the Cisco Events Mobile App
2. Click “Join the Discussion”
3. Install Webex Teams or go directly to the team space
4. Enter messages/questions in the team space
cs.co/ciscolivebot#BRKSEC-2718

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public

Agenda
• Introduction
• Where did Zero-Trust come from?
• Why are traditional approaches failing?
• How does Zero-Trust address these new challenges?
• What does the journey look like? Where do I get value?
• Use Cases and Architecture - How does it really work?
• Live Demo and Integrations discussion.
• Q&A

Different Words, Similar Ideas
• 2003-ish: The Jericho Forum first discusses “de-perimeterization”
• 2009: John Kindervag at Forrester describes a “Zero Trust model”
• 2013: Google talks about their implementation, called “BeyondCorp”

Don’t trust something just because it’s on the “inside” of your firewall.
It doesn’t mean you don’t need a firewall.

Traditional approaches to security are falling short.
A Castle Wall only works when everything you need to protect is: INSIDE
And the attackers are: OUTSIDE

The New IT Reality
It’s more difficult to establish user and device trust.
1. Apps are available on-premises plus via IaaS and SaaS
2. Employees, contractors, others access these apps with BYOD and mobile devices
3. Attackers most often cause data breaches by directly accessing these apps via compromised passwords and devices

CONFIDENTIAL INFORMATION PROPERTY OF DUO SECURITY, INC.

Security Risks Persist with Traditional MFA
• Poorly deployed and cannot support all applications; exposing security gaps
• 81% of breaches leverage either stolen or weak passwords (Source: Verizon, 10th edition of the Data Breach Investigations Report)
• Cumbersome tokens and one-time passwords; not user friendly

Compromised Devices Can Access Your Data
• Admins lack time to patch all corporate (managed) devices
• 99% of vulnerabilities exploited will be ones known by security team for at least one year (through 2021) (Source: Gartner, Dale Gardner, 2018 Security Summit)
• End users access data with personal (unmanaged) devices
• End users don’t want admins to take control of personal devices

1. How do you stop attacks that use stolen (yet legitimate) credentials?
2. How do you prevent devices with poor security hygiene from accessing critical apps?

A New Model for Security: Duo Trusted Access
• Trusted Users: Strong user authentication for all types of users.
• Trusted Devices: Establish device trust without agents
• Every Application: Consistent user experience for every application
• Visibility and Policies

Many deployments are limited or not user friendly
• Cloud-silo providers: Prioritize securing access to just their single cloud
• SDP-silo providers: Must deploy new agents on all endpoints
• Identity-silo providers: Offer limited app coverage and device visibility
• EMM-silo providers: Require device control, including BYO, for trust
SDP = Software-Defined Perimeter | EMM = Enterprise Mobility Management

Zero Trust “Beyond” Concept
● Assume every access attempt originates from an untrusted network.
● Protect every application in the same manner regardless of where hosted or how it’s accessed.
● Enable every worker to work successfully from untrusted networks without needing a client VPN.
● Manage the privileges for any application access.

Duo Beyond
Enable the rapid adoption of the zero trust architecture by deploying its core components through a single, extensible platform

Zero-Trust Maturity Model
5. Zero-Trust (Duo Beyond): Enable every employee to work securely from untrusted networks without the use of a VPN. Assume all networks are untrusted. Migration of access security policies from the network to the application.
4. Inspect Devices for Trust (Duo Beyond): Securely enable complete BYOD and mobility for all employees. Allow or deny a device trying to connect to a work application based on the device trust level and policy.
3. Enable Adaptive Policies (Duo Access): Protect access to applications by creating and enforcing adaptive risk based policies. Tier applications, users and devices based on risk.
2. Gain Visibility Into Devices & Activity (Duo Access): Create an inventory of all devices used to access work applications. Understand application access activity and risks.
1. Verify Users for Trust (Duo MFA): Protect from compromised credentials. Enable strong authentication for all apps/users

Multi-factor authentication and agent(less) assessment > Access policy > Remote access and app access
Benefit: Security
Verify identity for any user and hygiene for any device
[Figure: Trustworthiness plotted over Time, with event labels covering mobile push verification, profile compliance, OS and browser state (latest, outdated, patched, jailbroken) and a failed phishing campaign]

Any user/device including third-party and personal > Access policy > Work apps via SaaS or SD-perimeters
Benefit: User Experience
Grant easier, safer access to specific work apps
[Figure labels: User+Device, Single Sign-On, App Access, Private Apps, Public Apps]

Time to get technical!
Duo never touches the primary authentication
Core service and policy engine is always in the cloud
• Duo Push
• Mobile Passcode
• Phone, SMS
• HOTP Token
• U2F/WebAuthN
• Bypass

Secure Any Corporate Application
Integration documents are available at duo.com/docs

Duo MFA Supports Your Work Applications
Start Here, Then Expand
[Figure labels: VPN RA, Multicloud, Email/MSFT, On-Prem, SSO, Custom, REST APIs, Web SDK, RADIUS, SAML, RRAS, OIDC]
Learn more about application integrations

Cisco + Duo Better Together.

Duo & AnyConnect Secure Remote Access
● Secure AnyConnect in < 30 minutes
● User authentication in seconds
● Works with AnyConnect thick client & SSL VPN
● Several integration options
● *AVAILABLE ON* ASA and FTD

Duo and AnyConnect: Integration options
• ASA: Use Duo Access Gateway (SAML) for ASA. Best user experience + Trusted Endpoints soon
• FTD/ASA: Use Duo Auth Proxy (RADIUS). User receives automatic push. Consider for older versions and FTD.

Duo Access Gateway (SAML): Cisco ASA only
Requirements:
1. A SAML gateway such as Duo Access Gateway (DAG) for SSO. Read more here.
2. ASA version of 9.7.1.24, 9.8.2.28, 9.9.2.1 or higher of each release
3. AnyConnect 4.6 or later.
Learn more about AnyConnect SAML integration

Duo Access Gateway (SAML): Cisco ASA only (Demo)

RADIUS: Available with Cisco ASA or FTD
Requirements:
1. Cisco ASA 8.3 or later
2. Cisco FTD 6.3 or later
3. Duo Auth proxy
Learn more about AnyConnect RADIUS integration

RADIUS: Available with Cisco ASA or FTD (Demo)

LDAP: Available with Cisco ASA or FTD (Demo)

Duo & Cisco ISE Device Posture
Cloud SaaS:
• Compliant Device: Allow Access
• Non-compliant Device: Self-Remediation / Block
Corporate Network:
• Trusted Device: Allow Access
• Untrusted Device: Quarantine Access
[Figure labels: User, MFA, Cisco ISE]

Software-defined access policy evolution
• Zero Trust Approach to Network Access
• Zero Trust Approach to App Access
Cisco Identity Services Engine (ISE)

Trusted Access across Hybrid IT Enterprises
[Table: access solution and app/services solution (ISE, Duo, or ISE or Duo), on-prem and cloud, for IoT (headless devices, on-prem) and Mobile & BYOD (user + device, on-prem and off-prem); the individual cells are not recoverable from the extracted text]
☨ Integrated with AnyConnect
* Duo Beyond with Network Gateway (i.e. reverse proxy)
** Duo Access for BYOD

Duo for Microsoft

Duo Can Easily Secure O365
• Duo Access Gateway: Integration with DAG/Duo SSO
• Native SSO and IdP Support: Integration with ADFS
• Native Azure-AD Conditional Access: Integration with Azure AD
[Figure labels: 3rd Party Identity Provider, On-premises Directory]

MFA for Windows Login / Remote Desktop (RDP)
Learn how to set up Duo's RDP

MFA for Windows Login / Remote Desktop (RDP) (Demo)

Temporary Offline Authentication for Windows
• Executive on a Plane
• Salesperson at Hotel
• Vendor at Customer
Users need to authenticate with MFA into their machines before they can access internet / secure portal

Supported Auth Methods for Windows Offline
Duo Mobile Passcode
● Use the smartphone you own
● Enter one-time passcode

Understanding SAML 2.0
This is SAML