The Power of Effective Security CDW Security Executive Summit

Martin Roesch Vice President and Chief Architect, Cisco Security Business Group March 7, 2017 Security Perspective Relentless Attackers No Business or Industry Is Immune Asymmetric Attacks Are Greater Than Our Ability to Respond

Innovative Methods

Persistent Attacks

Shifting Tactics

Global Operations Rising Vulnerabilities

Fragile Infrastructure Encryption Dilemma

Overwhelmed Defenders A Closer Look at Ransomware User Clicks a Link Malicious Code Malicious Ransomware or Malvertising Launches Infrastructure Payload OR

User Downloads Malicious Email Ransomware Attachment Payload The Evolution of Ransomware Variants SamSam Locky Cryptowall 73V3N Keranger CRYZIP First commercial TeslaCrypt Petya Fake Teslacrypt 3.0 Antivirus Redplus Android phone Cryptolocker Teslacrypt 4.0 Virlock Teslacrypt 4.1 Lockdroid Reveton

2001 2005 2006 2007 2008 2012 2013 2014 2015 2016

CryptoDefense Koler GPCoder QiaoZhaz Reveton Kovter Tox Cerber Ransomlock Simplelock Cryptvault Radamant Cokri DMALock Hydracrypt Bitcoin CBT-Locker Chimera Rokku TorrentLocker Dirty Decrypt Hidden Tear Jigsaw Network Launched Virlock Lockscreen Cryptorbit CoinVault Powerware Cryptographic Locker Svpeng Teslacrypt 2.0 Urausy Ransomware 2.0 Self-propagating • Utilization of a vulnerability in a widely deployed product • Replication to all available drives • File infections • Limited brute-force activity • Resilient command and control • Use of other backdoors

Modular • Autorun.Inf/USB Mass Storage Propagation • Authentication Infrastructure Exploits • Command and Control/Reporting Infections • Rate Limiter • RFC 1918 Target Address Limiter Traditional Defenses Against Adversaries Layering Point Products The State Of The Security Industry IncrementalThe Security Capability MountainsEffectiveness of Complexity Gap GoalThe Security for Effective Effectiveness Security Gap Closing the Security Effectiveness Gap

Integration Consolidation Automation Integrated Architectural Approach

Threat Intelligence

Unified Management

Network Endpoint Cloud

Services

Visibility Game Changing Innovation

Industry Cisco 100 VS. DAYS ~ 6 Hours

Reduced Time to Detection

Source: Cisco AMP Data (Cisco 2016 Annual Cybersecurity Report) If It’s Digital Security Must Evolve Effective Security simple open automated Simplicity at Scale