The Power of Effective Security
CDW Security Executive Summit
Martin Roesch, Vice President and Chief Architect, Cisco Security Business Group
March 7, 2017

Security Perspective

Relentless Attackers
No Business or Industry Is Immune

Asymmetric Attacks Are Greater Than Our Ability to Respond
Innovative Methods
Persistent Attacks
Shifting Tactics
Global Operations
Rising Vulnerabilities
Fragile Infrastructure
Encryption Dilemma
Overwhelmed Defenders

A Closer Look at Ransomware
User Clicks a Link or Malvertising; Malicious Code Launches; Malicious Infrastructure; Ransomware Payload
OR
User Downloads Malicious Email Attachment; Ransomware Payload

The Evolution of Ransomware Variants
[Figure: timeline of ransomware variants, with the years 2001, 2005, 2006, 2007, 2008, 2012, 2013, 2014, 2015 and 2016 marked. Labels on the timeline: SamSam, Locky, Cryptowall, 73V3N, Keranger, CRYZIP, TeslaCrypt, Petya, Teslacrypt 2.0, Teslacrypt 3.0, Teslacrypt 4.0, Teslacrypt 4.1, Redplus, Cryptolocker, Virlock, Lockdroid, Reveton, CryptoDefense, Koler, GPCoder, QiaoZhaz, Kovter, Tox, Cerber, Ransomlock, Simplelock, Cryptvault, Radamant, Cokri, DMALock, Hydracrypt, CBT-Locker, Chimera, Rokku, TorrentLocker, Dirty Decrypt, Hidden Tear, Jigsaw, Lockscreen, Cryptorbit, CoinVault, Powerware, Cryptographic Locker, Svpeng, Urausy, Fake Antivirus, First commercial Android phone, Bitcoin Network Launched.]

Ransomware 2.0

Self-propagating
• Utilization of a vulnerability in a widely deployed product
• Replication to all available drives
• File infections
• Limited brute-force activity
• Resilient command and control
• Use of other backdoors

Modular
• Autorun.Inf/USB Mass Storage Propagation
• Authentication Infrastructure Exploits
• Command and Control/Reporting Infections
• Rate Limiter
• RFC 1918 Target Address Limiter

Traditional Defenses Against Adversaries
Layering Point Products

The State Of The Security Industry
Incremental Capability
Mountains of Complexity
The Security Effectiveness Gap
Goal for Effective Security

Closing the Security Effectiveness Gap
Integration
Consolidation
Automation

Integrated Architectural Approach
Threat Intelligence
Unified Management
Network Endpoint Cloud
Services
Visibility

Game Changing Innovation
Industry: 100 Days vs. Cisco: ~6 Hours
Reduced Time to Detection
Source: Cisco AMP Data (Cisco 2016 Annual Cybersecurity Report)

If It’s Digital Security Must Evolve

Effective Security
simple
open
automated

Simplicity at Scale