#CLMEL Hybrid Cloud Security
Cisco CloudCentre, AMP for Endpoints, Tetration Analytics, StealthWatch Cloud, ACI+ISE w/TrustSec, ASA/Firepower NGFW, Cloudlock, OpenDNS Umbrella, Cisco Threat Response, Duo Security
Brenden Buresh – Principal Systems Engineer
Jeff Fanelli – Principal Systems Architect
BRKSEC-2719
Cisco Webex Teams
Questions? Use Cisco Webex Teams (formerly Cisco Spark) to chat with the speaker after the session.
How:
1. Open the Cisco Events Mobile App
2. Find your desired session in the “Session Scheduler”
3. Click “Join the Discussion”
4. Install Webex Teams or go directly to the team space
5. Enter messages/questions in the team space
cs.co/ciscolivebot#BRKSEC-2719
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public

Agenda
• Introduction
• Cisco CloudCentre
• AMP for Endpoints
• Tetration Analytics Part 1 - ADM
• StealthWatch Cloud
• Simplifying Security Visibility Demo
• ACI+ISE w/TrustSec
• ASA/Firepower NGFW
• Tetration Analytics Part 2 – Enforcement
• Cloudlock
• OpenDNS Umbrella
• Simplifying Security Segmentation Demo #2
• Cisco Threat Response
• Duo Security
• Multi-Layered Threat Protection Demo #3
• Conclusion

Introduction
Modern Data Centres are Incredibly Complex
• Big and Fast Data
• Application Architecture
• Hybrid Cloud
• Virtualisation
• Continuous development
• Multicloud orchestration
• Expanded attack surface
• Micro Services
• Workload portability
• Increase in east-west traffic
• APIs
• Zero trust model
Cisco Data Centre Security
Integrated
• Visibility: “See Everything”
• Segmentation: “Reduce the Attack Surface”
• Threat Protection: “Stop the Breach”
Featured Use Cases and Demos
Visibility: Network and Application Analytics
• Stealthwatch
• Tetration
• Stealthwatch + Tetration
Segmentation: Firewalls and Application Segmentation
• ASA/NGFW
• ACI/TrustSec + Tetration
Threat Protection: Automated Threat Detection, Blocking, and Response
• NGFW/NGIPS
• AMP + Cisco Threat Response
• OpenDNS Umbrella
• AMP + OpenDNS Umbrella
Integrated
Security Capabilities in the Hybrid Cloud
Client, Server and Workload
• Visibility: Stealthwatch Cloud, Tetration
• Segmentation: ACI, TrustSec, ASAv, NGFWv
• Threat Prevention: OpenDNS Umbrella, AMP (AV/AM), AMP Threat Response
Cisco CloudCentre
Hybrid Cloud Creates Complexity
Evolving on-premises environment; adopting public clouds:
“lack of visibility and governance across multiple clouds”
“inefficient methods to monitor and optimise cloud consumption and costs”
“to develop fast across multiple environments”
“to manage infrastructure for both old and new applications”
“complex process for integration with other ecosystem solutions”
CloudCentre Suite
Design, Deploy, and Optimise Anywhere
• Evolving on-premises environment
• Adopting public clouds
• New and existing applications
• One integrated platform
• End to end lifecycle
CloudCentre Suite Multicloud Management Platform
Securely Design, Deploy, and Optimise Anywhere
Data Centre, Private Cloud, Public Cloud
• End to End Lifecycle
• One Integrated Platform
• New and Existing Applications
• Container as a Service
Workload Manager
Abstraction of application profile from infrastructure
End-to-end infrastructure and application lifecycle management
• Blueprint once, deploy anywhere
• Integrate with CI/CD toolchain
• Govern and control user and cloud accounts, environments and budgets
Diagram: application profile, Workload Manager UI, cloud personalities, private/public clouds
Benefits: Increase workload management efficiencies, accelerate time to value, provide governance and policy across multiple clouds
Cost Optimiser
Cloud usage optimisation and cost reduction across multiple clouds
• Use automated recommendations to optimise consumption
• Simplify inventory and total spend reporting across clouds, accounts and users
• Implement right sizing aligned with policy
Benefits: Provide consumption visibility across clouds, right-size cloud instances, control spend and reduce cloud costs
Action Orchestrator
Ecosystem integration standardised using adapters and workflows
• Extend Workload Manager services and actions
• Execute workflows with business and technical logic
• Use included adapters or create custom adapters
Diagram: Start; Invoke Target 1, Response; Invoke Target 2, Response; ... Invoke Target N, Response; End
Benefits: Eliminate repetitive tasks and broaden scope of cloud orchestration, simplify business process and reduce human error
CloudCentre Suite Integration with Cisco Portfolio
Business (ITSM), Development (DevOps)
CloudCentre Suite, AppDynamics: Model, Deploy, Manage, Optimise, Monitor, Map
Cisco Intersight, Stealthwatch
Automation: Cloud Services, CCP, ACI, Tetration
UCS, HyperFlex, Nexus, ACI Anywhere
AMP for Endpoints
Cisco Security Architecture: Security that Works Together
Threat Intelligence - TALOS
Network, Endpoint, Cloud
Services
Endpoint Devices Increasingly Difficult to Defend
Most challenging areas to defend:
• Mobile Devices: 57%
• Cloud Data: 56%
• User Behaviour: 56%
*Source: Cisco 2018 Security Capabilities Benchmark Study
How Does the 1% Escape and Get Through?
Advanced evasion techniques:
• Fileless malware
• Environmentally-aware malware
• Polymorphism
• Exploit legitimate processes
Uncover the 1% with Cisco AMP for Endpoints
• Stop Malware: using multiple detection and protection mechanisms
• Eliminate Blind Spots: the network and endpoint, working together across all operating systems
• Discover Unknown Threats: with proactive threat hunting
How Cisco Addresses Endpoint Challenges
Reduce Risk, Prevent, Detect
• Antivirus
• Static analysis
• Vulnerable software
• Fileless malware detection
• Sandboxing
• Low prevalence
• Cloud lookups (1:1, 1:many)
• Malicious Activity Protection
• Proxy log analysis
• Client Indicators of Compromise
• Machine learning
• Device flow correlation
• Cloud Indicators of Compromise
Agentless Detection with Proxy Analysis
Identify Anomalous Traffic Occurring Within Your Network
VoIP Phones, Printers, Security Cameras, Thermostats
Prevent Fileless Malware
Malware has Evolved – We Need to Protect Against More than Just Files
Monitor process activity and guard against attempts to hijack legitimate applications.
Protect Against Ransomware
Malicious Activity Protection
• Monitor process behaviour at execution
• Tuned to detect tell-tale ransomware signs
• Quarantine and terminate associated files and processes
• Log and alert encryption attempts
Dynamic Analysis and Sandboxing
Execute, Analyse & Test Malware Behaviour to Discover Unknown Zero-Day Threats
Diagram: Suspicious File, AMP for Endpoints, Threat Grid, Analysis Report
Cloud Based Analysis - See Once, Block Everywhere
Share Intelligence Across Network, Web, Email, and Endpoints
Talos, AMP Cloud, Threat Grid
Endpoint
NGFW, NGIPS, ISR, CES/ESA, WSA/SIG
Continuous Monitoring
What happened?
Where did the malware come from?
Where has the malware been?
What is it doing?
How do we stop it?
Perform In-Depth Investigations
Threat hunting
One click remediation
Intelligence correlation
Tetration Analytics Part 1 - ADM
Tetration Analytics Hybrid Cloud Workload Protection
Attribute and Behaviour Based Security Policy and Segmentation
• Baseline workload posture
• Software vulnerabilities
• Application insight
• Process behaviour deviation
• Generate segmentation policies
• Enforce segmentation policy
Tetration Analytics Platform Details
Architecture Overview
Cisco Tetration: Web GUI, REST API, Event notification, Tetration apps
Analytics engine
Data collection layer:
• Cisco Tetration software sensor and enforcement (Virtual/Bare metal/Containers)
• Embedded network sensors* (telemetry only)
• ERSPAN sensors* (telemetry only)
• NetFlow sensors* (augmentation for telemetry)
• Third-party sources (configuration data)
*Note: Telemetry only; no workload protection functionalities
Tetration Analytics: Multiple Deployment Options
On-premises appliance options
Cisco Tetration™ Platform (large form factor)
• Suitable for deployments of more than 5000 workloads
• Built-in redundancy
• Scales to up to 25,000 workloads
• Includes: 36 Cisco UCS® C220 servers, 3 Cisco Nexus® 9300 platform switches
Cisco Tetration-M (small form factor)
• Suitable for deployments of less than 5000 workloads
• Suitable for commercial customers
• Includes: 6 Cisco UCS C220 servers, 2 Cisco Nexus 9300 platform switches
Virtual appliance options
Cisco Tetration Virtual
• Suitable for deployments of less than 1000 workloads
• Supported in VMware ESXi-based environment or AWS or Azure public cloud
• Public cloud instances owned by customer
• Published system specification (CPU cores, memory, storage, etc.) for ESXi based deployments
Cisco Tetration™ SaaS
• Software-as-a-service model: no need to purchase, install, manage hardware or software
• Fully managed and operated by Cisco
• Suitable for commercial customers and SaaS-first/SaaS-only customers
• Flexible pricing model; lower barrier to entry
• Quick turn up
• Scales to 25,000 workloads
Software subscription license based on number of workloads; available in 1-, 3-, and 5-year terms
Application Dependency and Cluster Grouping
Diagram: bare-metal (BM) and virtual machine (VM) workloads on Cisco Nexus® 9000 Series switches and in AWS, feeding the Cisco Tetration Analytics™ platform
• Network-only sensors, host-only sensors, or both (preferred)
• Bare-metal and VM telemetry, plus switch telemetry
• Brownfield VM telemetry; bare metal and VM (AMI …)
• Unsupervised machine learning
• Behaviour analysis
On-premises and cloud workloads (AWS)
Security Policy for Segmentation
Application workspaces; baseline workload protection posture; baseline policy
Process behaviour
Application Insights
Network communications
Stealthwatch Cloud
Cisco Stealthwatch
Contextual network-wide visibility, predictive threat analytics, automated detection and response
Behavioural modeling Unknown threats
Machine learning Insider threat
Global threat intelligence Encrypted malware
Using existing network infrastructure Policy violations
Stealthwatch Product Suite
Stealthwatch Cloud: Public cloud monitoring
• Public cloud monitoring
• Suitable for enterprises & commercial businesses using public cloud services
• Software as a Service (SaaS)
Stealthwatch Cloud: Private network monitoring
• On-premises network monitoring
• Suitable for SMBs & commercial businesses
• Software as a Service (SaaS)
Stealthwatch Enterprise: Enterprise network monitoring
• On-premises network monitoring
• Suitable for enterprises & large businesses
• On-premises virtual or hardware appliance
Flexible Security for Dynamic Environments
Stealthwatch Cloud
• Native Cloud Logs
• Premises Network Logs: NetFlow, IPFIX, Mirror/Span via the Stealthwatch Cloud Virtual Appliance
Integrate Easily with all Your Current Systems
Stealthwatch Cloud
• SaaS Management Portal
• SIEM
• Public Cloud: SQS, SNS, S3, Pub/Sub, Storage
• Email
• Web Platforms and Other Platforms
Dynamic Entity Modeling
Using Modeling to Detect Security Events
Collect Input: IP Meta Data, System Logs, Security Events, Passive DNS, External Intel, Vulnerability Scans, Config Changes
Perform Analysis: Dynamic Entity Modeling (Role, Group, Consistency, Rules, Forecast)
Draw Conclusions:
• What is the role of the device?
• What ports/protocols does the device continually access?
• What connections does it continually make?
• Does it communicate internally only?
• What countries does it talk to?
• How much data does the device normally send/receive?
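An added example, not part of the slides and not Cisco code, of the modeling idea above: learn from 5-tuple flow records which services, peers and data volumes a device normally uses, then report new flows that deviate (a new port/protocol, a first external destination, a byte count far above the per-service baseline). The flow records, IP addresses and the 3-sigma threshold are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass, field
from statistics import mean, pstdev
from typing import Dict, List, Tuple

# Flow record: (src_ip, dst_ip, proto, src_port, dst_port, bytes_out).
# The first five fields are the classic 5-tuple a flow agent exports.
Flow = Tuple[str, str, str, int, int, int]

# RFC 1918 space counts as "internal"; everything else is external.
# (ipaddress.is_private is deliberately not used: it also covers documentation
# ranges such as 203.0.113.0/24, which the constructed sample below uses.)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


@dataclass
class EntityProfile:
    """Learned behaviour of one entity, keyed by source IP."""
    services: set = field(default_factory=set)      # (proto, dst_port) pairs used
    peers: set = field(default_factory=set)         # destination IPs contacted
    internal_only: bool = True                      # never talked outside RFC 1918 space
    bytes_by_service: Dict[Tuple[str, int], List[int]] = field(default_factory=lambda: defaultdict(list))


def build_profiles(flows: List[Flow]) -> Dict[str, EntityProfile]:
    """Baseline phase: summarise what each entity continually does."""
    profiles: Dict[str, EntityProfile] = defaultdict(EntityProfile)
    for src, dst, proto, _sport, dport, nbytes in flows:
        p = profiles[src]
        p.services.add((proto, dport))
        p.peers.add(dst)
        p.bytes_by_service[(proto, dport)].append(nbytes)
        if not is_internal(dst):
            p.internal_only = False
    return profiles


def score_flow(profile: EntityProfile, flow: Flow, z_threshold: float = 3.0) -> List[str]:
    """Compare one new flow with the entity's baseline; return the deviations found."""
    _src, dst, proto, _sport, dport, nbytes = flow
    reasons = []
    service = (proto, dport)
    if service not in profile.services:
        reasons.append(f"new service {proto}/{dport}")
    if dst not in profile.peers and profile.internal_only and not is_internal(dst):
        reasons.append(f"first external destination {dst}")
    samples = profile.bytes_by_service.get(service, [])
    if len(samples) >= 2:                           # need a baseline before judging volume
        mu, sd = mean(samples), pstdev(samples)
        if sd > 0 and (nbytes - mu) / sd > z_threshold:
            reasons.append(f"bytes_out {nbytes} is {(nbytes - mu) / sd:.1f} sd above baseline for {proto}/{dport}")
    return reasons


def detect(profiles: Dict[str, EntityProfile], flows: List[Flow]) -> List[Tuple[Flow, List[str]]]:
    """Return (flow, reasons) for every new flow that deviates from its entity's model."""
    alerts = []
    for flow in flows:
        profile = profiles.get(flow[0])
        if profile is None:
            alerts.append((flow, ["entity never seen in baseline"]))
            continue
        reasons = score_flow(profile, flow)
        if reasons:
            alerts.append((flow, reasons))
    return alerts


# Constructed sample data: a database client that normally talks SQL Server and DNS inside the network.
BASELINE_FLOWS: List[Flow] = [
    ("10.0.1.20", "10.0.2.5", "tcp", 51000, 1433, 12_000),
    ("10.0.1.20", "10.0.2.5", "tcp", 51002, 1433, 15_000),
    ("10.0.1.20", "10.0.2.5", "tcp", 51010, 1433, 13_500),
    ("10.0.1.20", "10.0.0.53", "udp", 40001, 53, 300),
    ("10.0.1.20", "10.0.0.53", "udp", 40002, 53, 280),
    ("10.0.1.20", "10.0.0.53", "udp", 40003, 53, 310),
]
NEW_FLOWS: List[Flow] = [
    ("10.0.1.20", "10.0.2.5", "tcp", 51020, 1433, 14_000),       # ordinary query traffic
    ("10.0.1.20", "10.0.2.5", "tcp", 51040, 1433, 200_000),      # far more data than usual
    ("10.0.1.20", "203.0.113.9", "tcp", 51030, 443, 2_000_000),  # new service and first external peer
]

if __name__ == "__main__":
    for flow, reasons in detect(build_profiles(BASELINE_FLOWS), NEW_FLOWS):
        print(flow[0], "->", f"{flow[1]}:{flow[4]}", "|", "; ".join(reasons))
```

The per-service byte baseline matters: mixing DNS and database volumes into one distribution would make the deviation on port 1433 far less visible, which is why the profile keeps one sample list per (protocol, port).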
Dynamic Entity Modeling
Low Noise Alerts Help You Solve Problems
• Excessive failed access attempts
• DDoS and amplification attacks
• Potential data exfiltration
• Geographically unusual remote access
• Suspected botnet interaction
ALERT: Anomaly detected
95% of Stealthwatch Cloud alerts rated as “helpful” by customers
Explore Activity - Detailed Analytics & Reporting
SaaS Management Portal: http://www.cisco.obsrvbl.com/snapshots
Detailed inventory and network traffic reports
Ongoing dashboard visualisations
Expandable view of alerts
Manage Everything from Simple SaaS Portal
SaaS Management Portal: http://www.cisco.obsrvbl.com/roles
Unlimited users
No patching necessary
Available anywhere
New features added monthly
Support available
Amazon Web Services Architecture
Amazon Account: a role created for Stealthwatch Cloud in the account; permissions allow Stealthwatch Cloud to read AWS services
AWS services read via API: CloudTrail, Inspector, Amazon CloudWatch, GuardDuty, Lambda, Config, Amazon VPC
Stealthwatch Cloud SaaS Portal
Google Cloud Platform Architecture
GCP Account: Stealthwatch Cloud user with permissions; permissions allow Stealthwatch Cloud to read GCP Flow Logs via API
Virtual Private Cloud, Google Compute Engine
Stealthwatch Cloud
SaaS Portal
Microsoft Azure Platform Architecture
Azure Virtual Network: the Stealthwatch Cloud Virtual Appliance is the UDP destination for flow agents; it collects and sends data upstream over a TLS private tunnel to the Stealthwatch Cloud analysis engine
Linux servers with Stealthwatch Cloud Sensor; Windows OS with 3rd party flow agent
SaaS Portal
**Flow agent must generate a 5-tuple flow feed
Monitor Premises or Public Cloud Networks
Core Switching; Data Centre Segment; Accounting Segment; Mgmt
NetFlow, IPFIX and Span feed the Stealthwatch Cloud Virtual Appliance; TLS private tunnel to Stealthwatch Cloud
Syslog SNMP
SIEM
SaaS Portal
Leverage Existing Telemetry Sources
Detect Threats and See Network Activity
Virtual Sensors collect from all these sources:
• IP Traffic Data: NetFlow, IPFIX, any Mirror/SPAN (switches, firewalls, mirror/span ports, load balancers, Gigamon)
• Other Security Data: SIEM, Active Directory, application servers, threat detection
• DNS Lookup: use DNS lookups to link dynamic IPs to a host name
Stealthwatch Cloud
Demo: Simplifying Security Visibility
What’s the customer problem?
• How can I deploy and monitor my cloud infrastructure?
• Will my network security policies move with my workload?
• Do my workloads satisfy security compliance?
Products: CloudCentre, Stealthwatch Cloud, OpenDNS Umbrella, AMP for Endpoints, Tetration Endpoint Agent

Simplifying Security Visibility Demo
Demo: Simplifying Security Visibility
What’s the value?
• Stealthwatch Cloud: maintain infrastructure visibility and threat detection
• OpenDNS Umbrella: granular visibility to Internet traffic
• AMP for Endpoints, Tetration Endpoint Agent: endpoint application, process & flow visibility
ACI+ISE w/TrustSec
ACI Anywhere
Any Workload, Any Location, Any Cloud

ACI Anywhere – Single Vision, 5 Execution Pillars
Security, Analytics and Policy Everywhere
• ACI Multi-POD (ACI 2.0): Multiple Networks (Pods) in a single Availability Zone (Fabric)
• ACI Multi-Site (ACI 3.0): Multiple Availability Zones (Fabrics) in a Single Region ’and’ Multi-Region Policy Management
• ACI Remote-Leaf (ACI 3.1): Physical Remote Leaf extends an Availability Zone (Fabric) to remote locations
• ACI vPod (ACI 4.0): Virtual POD extends an Availability Zone (Fabric) to remote locations
• ACI Multicloud (H1CY19): ACI Extensions to Public Clouds (AWS, Azure, GCP)
ACI Anywhere Technical Details
Centralised Provisioning of Multi-Cloud Routing and Segmentation
Diagram: Multi-Site Orchestrator provisioning the on-premise fabrics (DMZ Edge Fabric, CoLo, CSR1000V VNFs) and two public cloud sites
• Public Cloud Site A (Azure): App VNET-1, App VNET-2, VNET, Virtual Network Peering, Virtual Machines, Microsoft Express Route
• Public Cloud Site B (AWS Region): TGW - Infra VPC, VGW, App VPC-1, App VPC-2, AWS Instances, AWS Direct Connect, CSR1000V
ACI Anywhere: centralised provisioning and management of multi-cloud routing
Group Based Policy Simplifies Segmentation
Traditional Segmentation
• Security policy based on topology
• Static ACL, Routing, Redundancy, DHCP Scope, Address, VACL, VLAN
• One VLAN per group at the access layer (Quarantine, Voice, Data, Guest, BYOD VLANs for Non-Compliant, Voice, Employee, Supplier and BYOD users)
• High cost and complex maintenance
Group Based Policy
• Tags: Employee, Supplier, Non-Compliant
• DC Servers, DC Firewall/Switch, Enterprise Backbone, Aggregation Layer, Access Layer
• Micro/Macro Segmentation
• Central Policy Provisioning (ISE)
• No Topology Change
• No VLAN Change
• Use existing topology and automate security policy to reduce OpEx
Context: Build, Summarise, Exchange
Who, What, When, Where, How, Posture, Threat, Vulnerability
Context sources: Threat Intelligence, Mobility Services Engine, Mobile Device Managers, System Managers, Directory Services, Vulnerability Scanners, Stealthwatch, Firepower services, DNAC, 3rd Party partners
Exchange: pxGrid, REST API, Syslog
Cisco ISE: Endpoints, Scalable Group
Visibility and Access Control: ISE builds context and applies access control restrictions to users and devices
Context Reuse: context is shared with eco-system partners for analysis and control
ISE – Identity Services Engine
Connects Trusted Users and Devices with Trusted Services
Identity Services Engine (ISE): a centralised security solution that automates context-aware access
Source: Trusted Device Groups, Trusted Partners, Trusted Asset, Trusted Group
Destination: Trusted App/Services (Cloud Server A, Cloud Server B, App A, App B, Public/Private Cloud)
Policy Enforcement: enforcement on every PIN on premise; cloud partners and on-prem partners
Identity – Authentication and Authorisation
Users and Things
Credentials, Profiling, Posture
Identity (e.g. Active Directory), SIEM, CASB
Cisco Identity Services (pxGrid): Location, Vulnerability, Behavior Analytics
Scalable Groups
Identity – Authentication and Authorisation
Applications and Data
Attributes, Placement, Profiling
DB App Web
Scalable Groups
User to Application Policies
Source Group @ VN-X (users, things) and Destination Group @ VN-Y (application end-points), joined by a Contract
Identity CONTRACT BLUE Identity
Classifier: Port Number, IP Address, Application Type
Action: Permit, Deny, Copy, Gold Service
Enterprise Wide Policy
Identity Federation
• APIC/MSO
• DNA Centre: Network Controller Platform, Network Data Platform
• Tetration, ACI Insights, ACI Assurance
• ISE
• CloudCentre
Intent Based Policy: ACI Data Centre Fabric, SDA Campus Fabric
Common Identity across the Entire Network: User Identity (People and their Devices), Application and Server Identity (Database, App, Web)

Cross Domain Architectural View
Connect the User to the Application
What is SD-Access? Campus Fabric + Automation & Assurance
SD Access – Coming Soon
• APIC-EM 1.2.X0 GUI approach provides automation of all Campus Fabric configurations, ISE NDP management and group-based policy.
• DNA Center: leverages DNA Center to integrate external Service Components (ISE & NDP), and orchestrate your entire LAN, WLAN and WAN network.
Campus Fabric – Shipping Now
• CLI or API form of the new Overlay Fabric solution for your Enterprise Campus networks.
• CLI approach provides backwards compatibility and customization, Box-by-Box.
• API approach provides automation via NETCONF / YANG.
• APIC-EM, ISE, NDP are all separate.
Diagram: vSmart Controllers, SDA Campus, vPod, Internet, services on hypervisors, Path 2 MPLS, 4G LTE, Los Angeles Branch, Chicago Branch, DB/App/Web
End to End Functions: Application Policy, Connectivity Assurance, Troubleshooting
User Group
ASA/Firepower NGFW
Cisco Firepower NGFW Value Proposition
• Prevent breaches automatically to keep the business moving
• Deep network and security visibility to detect and stop threats fast
• Automate operations to save time, reduce complexity, and work smart
Cisco NGFW Overview
Time to detection of a successful breach: Cisco ~4.6 hours, industry ~100 days
Savings from security automation: first year $184K
Leader in the 2018 Gartner MQ
Source: 2018 Cisco CyberSecurity Report (Read the Report)
You can complement and strengthen your security portfolio with a Cisco® NGFW. The Cisco NGFW helps you prevent breaches, get deep visibility to detect and stop threats fast, and automate your network and security operations to save time and work smart.
NGFWv Overview
AWS and Azure
FTD NGFWv Appliance
• Firewall: stateful firewall, NAT, static and dynamic routing
• NGIPS – Next-Generation Intrusion Prevention System
• AVC - Application Visibility and Control
• AMP – Advanced Malware Protection
• URL – URL filtering
• VPN – Virtual Private Network, IPSEC (S2S & RAVPN)
• SI – Security Intelligence
Management Options
Cisco Firepower Management Center (FMC): centralized manager
• Helps administrators enforce consistent access policies, rapidly troubleshoot security events, and view summarized reports across the deployment
• Available on KVM, ESXi and physical appliances
• Files and database API
Cisco Firepower Device Manager (FDM): on-box manager
• For easy on-box management of a single FTD or a pair of FTDs running in HA
ASAv Overview
AWS and Azure
ASA Appliance, ASAv 9.10.x
• Stateful F/W, NAT, routing and ACL
• VPN: IPSEC and SSL
• Route based VPN (VTI)
• REST API
• Management: CLI, ASDM, CSM and CDO
NGFWv, FMCv and ASAv in Public Cloud and Gov Cloud
Instance Types
AWS
• NGFWv Instance (Marketplace): c3.xlarge, c4.xlarge
• ASA instance (Marketplace): c3.large, c3.xlarge, c4.large, c4.xlarge, m4.large, m4.xlarge (large instance is ASAv10, xlarge instance is ASAv30)
• FMCv Instance (Marketplace): c3.xlarge, c3.2xlarge, c4.xlarge, c4.2xlarge
• SSD storage on c3 instance and EBS storage on c4 or m4 instance
Azure
• NGFWv Instance (Marketplace): Standard D3 and D3v2
• ASAv Instance (Marketplace): Standard D3 and D3v2 (D3 and D3v2 instance is ASAv30)
• FMCv Instance (Marketplace): NEW Standard D3v2 and D4v2, available from FMC/FTD release 6.4
• Standard_D3v2 (4 CPU, memory: 14GB); Standard_D4v2 (8 CPU, memory: 28GB)
NGFWv Deployment Modes in Public Cloud
• Routed mode (NGFWv) - AWS
• Passive mode (NGFWv) - AWS
• Routed mode (NGFWv) - Azure
• Passive mode is only applicable to NGFWv in AWS
ASAv Deployment Modes in Public Cloud
• Routed mode (ASAv) - AWS
• Routed mode (ASAv) - Azure
Licensing NGFWv and ASAv in Public Cloud
Cisco Smart Licensing for NGFWv and ASAv in AWS and Azure
NGFW
• Base License: Firewall, AVC
• Term based license: Threat, URL, AMP
• AWS: Bring your own license; Hourly or Annual
• Azure: Bring your own license
ASA
• Standard License: Firewall, throughput, SSL, IPSEC
• AnyConnect Apex License
• AWS: Bring your own license; Hourly or Annual
• Azure: Bring your own license
ASAv entitlement in Public Cloud
• AWS (ASAv10 & ASAv30): ASAv10 & ASAv30 entitlement (1G*, 250 (ASAv10) or 750 (ASAv30) VPN endpoints)
• Azure (ASAv30): ASAv5, ASAv10 & ASAv30 entitlement (100M (ASAv5), 1G* (ASAv10 or ASAv30), 50 (ASAv5), 250 (ASAv10) or 750 (ASAv30) VPN endpoints)
Note: No Cisco TAC support with the AWS pay-as-you-go license model, but you can purchase one year of TAC support from a listed partner (Purchase TAC Support)
* Maximum throughput is measured with traffic under ideal conditions
Tetration Analytics Part 2 - Enforcement
Security Policy Elements
Unified Policy built from:
• Autogenerated policy based on application behaviour
• Workload context and metadata
• User and user groups
Tetration Analytics Security Platform
Hybrid Cloud Workload Protection Approach
Communication control
• Automated whitelist policy based on application behaviour
• Policy enforcement to enable segmentation
• Tracking of policy compliance
App behaviour detection
• Process hash, lineage, attributes
• New command, new user
• Account modification
• Privilege escalation
• Shell-code execution
• Raw sockets
Vulnerability detection
• Installed package tracking
• Weekly CVE tracking
• Vulnerability scoring
• Threat intelligence ingestion
• Outlier detection
Segmentation Policy – How Does it Work?
Cisco Tetration™ automatically converts your intent into blacklist and whitelist rules
Intent: Block nonproduction applications from talking to production applications
Rules: DENY SOURCE 10.0.0.0/8 DEST 128.0.0.0/8
Intent: Allow HR applications to use the employee database
Rules: ALLOW SOURCE 128.0.10.0/16 DEST 128.0.11.0/16
Intent: Block all HTTP connections that are not destined for web servers
Rules: ALLOW SOURCE * DEST 128.0.100.0/16 PORT = 80; DENY SOURCE * DEST * PORT = 80
Security Enforcement – Consistency & Mobility
Intent is rendered as security rules in native operating system firewalls (IP sets in Linux and Microsoft Windows Firewall in Windows Server)
• Virtual: hypervisor, virtual network; per-process denies and allows on the endpoint
• Containers: pods, container host OS, Container Networking Interface; per-process denies and allows on the endpoint
• Bare metal: network infrastructure; per-process denies and allows on the endpoint
• Cloud: cloud infrastructure; per-process denies and allows on the endpoint
Any infrastructure, any networking, same security model, rich context
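An added example, not Tetration code, that ties together the two preceding slides: a parser for rules written in the slide's `ALLOW/DENY SOURCE ... DEST ... PORT = ...` notation, a first-match evaluator with a default deny (the whitelist model the slides describe, where rule order decides the outcome for the HTTP case), and a rendering of each rule as an iptables command as a simplified stand-in for the native-firewall rendering described above. The rule set is constructed: the 10.0.0.0/8 deny and the two port-80 rules follow the slide's pattern, but the /24 prefixes and port 5432 are not from the slide.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                               # "ALLOW" or "DENY"
    src: Optional[ipaddress.IPv4Network]      # None means the wildcard "*"
    dst: Optional[ipaddress.IPv4Network]
    port: Optional[int]                       # None means any destination port


def parse_rule(text: str) -> Rule:
    """Parse one rule in the slide's notation, e.g.
    'ALLOW SOURCE * DEST 128.0.100.0/24 PORT = 80' (PORT is optional)."""
    tokens = text.replace("=", " ").split()
    action = tokens[0].upper()
    if action not in ("ALLOW", "DENY"):
        raise ValueError(f"unknown action in rule: {text!r}")
    fields = {tokens[i].upper(): tokens[i + 1] for i in range(1, len(tokens) - 1, 2)}

    def net(value: str):
        return None if value == "*" else ipaddress.ip_network(value, strict=False)

    port = int(fields["PORT"]) if "PORT" in fields else None
    return Rule(action, net(fields["SOURCE"]), net(fields["DEST"]), port)


def matches(rule: Rule, src_ip: str, dst_ip: str, dport: int) -> bool:
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return ((rule.src is None or src in rule.src)
            and (rule.dst is None or dst in rule.dst)
            and (rule.port is None or rule.port == dport))


def evaluate(rules: List[Rule], src_ip: str, dst_ip: str, dport: int, default: str = "DENY") -> str:
    """First match wins; anything no rule covers falls to the default (DENY = whitelist model)."""
    for rule in rules:
        if matches(rule, src_ip, dst_ip, dport):
            return rule.action
    return default


def to_iptables(rule: Rule, chain: str = "FORWARD") -> str:
    """Render one rule as an iptables command. This is an illustration of the
    'render intent as native firewall rules' step, not the actual agent output
    (the slide mentions IP sets on Linux)."""
    parts = ["iptables", "-A", chain]
    if rule.src is not None:
        parts += ["-s", str(rule.src)]
    if rule.dst is not None:
        parts += ["-d", str(rule.dst)]
    if rule.port is not None:
        parts += ["-p", "tcp", "--dport", str(rule.port)]
    parts += ["-j", "ACCEPT" if rule.action == "ALLOW" else "DROP"]
    return " ".join(parts)


# Constructed rule set in the slide's notation (order is significant).
RULES_TEXT = [
    "DENY SOURCE 10.0.0.0/8 DEST 128.0.0.0/8",                   # nonproduction -> production
    "ALLOW SOURCE 128.0.10.0/24 DEST 128.0.11.0/24 PORT = 5432",  # HR apps -> employee database (constructed)
    "ALLOW SOURCE * DEST 128.0.100.0/24 PORT = 80",               # HTTP only to the web-server range
    "DENY SOURCE * DEST * PORT = 80",                             # ... and nowhere else
]
RULES = [parse_rule(t) for t in RULES_TEXT]

if __name__ == "__main__":
    for rule in RULES:
        print(to_iptables(rule))
    print(evaluate(RULES, "10.1.2.3", "128.0.100.5", 80))   # DENY: the first rule shadows the HTTP allow
```

The first test case below is the one worth remembering: a nonproduction host reaching a web server on port 80 is still denied, because the broader deny precedes the HTTP allow. Reordering the list changes the answer, which is why generated rule sets need to be evaluated, not just read.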
Cloudlock
Organizational Challenges
• Malware and ransomware
• Gaps in visibility and coverage
• Compromised accounts and malicious insiders
• Data breaches and compliance
Security Challenges Have Evolved
SaaS: Users, Data, Apps
HQ, Roaming user, Branch
Key Questions Organizations Have
Users/Accounts
• Who is doing what in my cloud applications?
• How do I detect account compromises?
• Are malicious insiders extracting information?
Data
• Do I have toxic and regulated data in the cloud?
• Do I have data that is being shared inappropriately?
• How do I detect policy violations?
Applications
• How can I monitor app usage and risk?
• Do I have any 3rd party connected apps?
• How do I revoke risky apps?
Example of Why you Need Cloud User Security
• North America, 9:00 AM ET: Login
• Africa, 10:00 AM ET (one hour later): Data export
• Distance from the US to the Central African Republic: 7362 miles
• At a speed of 800 mph, it would take 9.2 hours to travel between them
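An added example, not from the slides and not Cloudlock code, of the reasoning behind that slide as a detection rule: for each user, take consecutive events, compute the great-circle distance between their locations, and flag the pair when covering that distance within the elapsed time would require more than the slide's 800 mph. The events are constructed (a login from New York and a data export from Bangui one hour later, plus a benign New York to Boston pair); the coordinates are approximate city centres chosen for illustration.

```python
import math
from datetime import datetime, timezone
from typing import Dict, List, NamedTuple, Tuple

EARTH_RADIUS_MILES = 3958.8
MAX_PLAUSIBLE_SPEED_MPH = 800.0   # the airliner-speed figure used on the slide


class Event(NamedTuple):
    user: str
    time: datetime
    lat: float
    lon: float
    action: str


def haversine_miles(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two coordinates, in miles."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = phi2 - phi1
    dlambda = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlambda / 2) ** 2
    return 2 * EARTH_RADIUS_MILES * math.asin(math.sqrt(a))


def required_hours(distance_miles: float, speed_mph: float = MAX_PLAUSIBLE_SPEED_MPH) -> float:
    """Hours needed to cover the distance at the given speed (the slide's 7362 mi / 800 mph = 9.2 h)."""
    return distance_miles / speed_mph


def check_pair(a: Event, b: Event, speed_mph: float = MAX_PLAUSIBLE_SPEED_MPH) -> Tuple[bool, float, float, float]:
    """Return (flagged, distance_miles, hours_needed, hours_elapsed) for two events of one user."""
    elapsed = abs((b.time - a.time).total_seconds()) / 3600.0
    distance = haversine_miles(a.lat, a.lon, b.lat, b.lon)
    needed = required_hours(distance, speed_mph)
    return needed > elapsed, distance, needed, elapsed


def find_impossible_travel(events: List[Event]) -> List[str]:
    """Walk each user's events in time order and describe every consecutive pair
    that would require faster-than-plausible travel."""
    by_user: Dict[str, List[Event]] = {}
    for ev in sorted(events, key=lambda e: (e.user, e.time)):
        by_user.setdefault(ev.user, []).append(ev)
    alerts = []
    for user, evs in by_user.items():
        for prev, cur in zip(evs, evs[1:]):
            flagged, distance, needed, elapsed = check_pair(prev, cur)
            if flagged:
                alerts.append(f"{user}: {prev.action} then {cur.action} {distance:.0f} miles apart "
                              f"within {elapsed:.1f} h; needs {needed:.1f} h at {MAX_PLAUSIBLE_SPEED_MPH:.0f} mph")
    return alerts


# Constructed events (timestamps in UTC; 9:00 AM ET is 14:00 UTC in March).
SAMPLE_EVENTS = [
    Event("alice", datetime(2019, 3, 5, 14, 0, tzinfo=timezone.utc), 40.7128, -74.0060, "login"),        # New York
    Event("alice", datetime(2019, 3, 5, 15, 0, tzinfo=timezone.utc), 4.3947, 18.5582, "data export"),    # Bangui
    Event("bob", datetime(2019, 3, 5, 14, 0, tzinfo=timezone.utc), 40.7128, -74.0060, "login"),          # New York
    Event("bob", datetime(2019, 3, 5, 15, 30, tzinfo=timezone.utc), 42.3601, -71.0589, "file share"),    # Boston
]

if __name__ == "__main__":
    for line in find_impossible_travel(SAMPLE_EVENTS):
        print(line)
```

Geolocating the source IP is the weak link in practice: VPN egress points and mobile carrier NAT both produce legitimate "jumps", so a rule like this is a triage signal to combine with the other context on the slide rather than a standalone verdict.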
More than 24K Files per Organization Publicly Accessible
Data exposure per organization
• 2% accessible publicly
• 10% accessible by external collaborators
• 12% accessible organization-wide
• 24,000 files publicly accessible per organization
• 70% of external sharing done with non-corporate email addresses
Source: Cloudlock CyberLab
Cloudlock has Over 80 Pre-Defined Policies
• PII: SSN/ID numbers, driver license numbers, passport numbers (global)
• Education: inappropriate content, student loan application information, FERPA compliance
• General: email address, IP address, passwords/login information
• PHI: HIPAA, health identification numbers, medical prescriptions
• PCI: credit card numbers, bank account numbers, SWIFT codes
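What a content policy of this kind does when it scans a shared file, as an added example (the patterns are illustrative and are not Cloudlock's policy definitions): three detectors cover the PII, PCI and General families above, and the card detector validates candidates with the Luhn check so that order numbers and ticket IDs do not raise PCI incidents. Findings are redacted to the last four characters. The sample document is constructed.

```python
import re

# Illustrative detectors (assumed patterns, not Cloudlock's), one per policy family.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")


def luhn_ok(digits):
    """Luhn mod-10 check: every issued card number passes, most random digit runs do not."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def redact(value):
    """Keep the last four characters so an analyst can match the finding to the source."""
    return "*" * (len(value) - 4) + value[-4:]


def scan(text):
    """Return findings as {category, policy, match, line}. Card candidates that
    fail Luhn are dropped rather than reported."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in SSN_RE.finditer(line):
            findings.append({"category": "PII", "policy": "ssn",
                             "match": redact(m.group()), "line": lineno})
        for m in CARD_RE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group())
            if 13 <= len(digits) <= 19 and luhn_ok(digits):
                findings.append({"category": "PCI", "policy": "credit_card",
                                 "match": redact(digits), "line": lineno})
        for m in EMAIL_RE.finditer(line):
            findings.append({"category": "General", "policy": "email_address",
                             "match": redact(m.group()), "line": lineno})
    return findings


# Constructed document as it might be shared from a cloud drive. The order
# reference fails Luhn and the ticket has an invalid SSN area number.
SAMPLE_DOC = """Customer export
Name: J. Doe, contact jdoe@example.com
SSN: 123-45-6789
Card on file: 4111 1111 1111 1111 (exp 12/22)
Order ref: 1234 5678 9012 3456
Ticket: 000-12-3456
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_DOC):
        print(f"line {f['line']}: {f['category']}/{f['policy']} {f['match']}")
```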
Addresses Most Critical Cloud Security Use Cases
Discover and control:
• Compromised accounts
• Data exposures and leakages
• OAuth discovery and control
• Insider threats
• Privacy and compliance violations
• Shadow IT
Delivered through User and Entity Behavior Analytics, Cloud Data Loss Prevention (DLP) and an Apps Firewall.
Cloud-Native: Full value instantly, no disruption
• Cisco Ecosystem: integrated, architectural approach to security; vendor viability
• FedRAMP ATO: Cisco Cloudlock has received a FedRAMP Authority To Operate (ATO)
• Smartest Intelligence: CyberLab, crowd-sourced community trust ratings
• Proven Track Record: deployed at over 700 organizations and supporting deployments of over 750,000 users
OpenDNS Umbrella
Cisco Umbrella Cloud Security Platform
• Built into the foundation of the internet (resolver 208.67.222.222), blocking malware, C2 callbacks and phishing
• Intelligence to see attacks before they are launched
• Visibility and protection everywhere
• Enterprise-wide deployment in minutes
• Integrations to amplify existing investments
Where Does Umbrella Fit?
Umbrella sits in front of the existing stack (NGFW, NetFlow, proxy, sandbox, router/UTM, endpoint AV) for HQ, branch and roaming users, against malware, C2 callbacks and phishing.
Benefits:
• First line: block malware before it hits the enterprise
• Contains malware if already inside
• Internet access is faster
• Provision globally in minutes
It all Starts with DNS
DNS (Domain Name System) is the first step in connecting to the internet:
• Precedes file execution and IP connection (e.g. cisco.com resolves to 72.163.4.161)
• Used by all devices
• Port agnostic
Built into Foundation of the Internet
Umbrella provides:
• Connection for safe requests
• Prevention (blocked requests) for user- and malware-initiated connections
• Proxy inspection for risky domains
Selective Proxy: Requests for “risky” domains
• URL inspection: Cisco Talos feeds, Cisco WBRS, partner feeds, custom URL block list
• File inspection: AV engines, Cisco AMP
Prevents Connections Before and During the Attack
• Before: web- and email-based infection (malvertising / exploit kit, phishing / web link, watering hole compromise)
• During: command and control callback (malicious payload drop, encryption keys, updated instructions)
Stop data exfiltration and ransomware encryption.
Malware Doesn’t Just Happen: Intelligence to See Attacks Before Launched
Data
• Cisco Talos feed of malicious domains, IPs, and URLs
• Umbrella DNS data: 150B requests per day
Security researchers
• Industry-renowned researchers
• Build models that can automatically classify and score domains and IPs
Models
• Dozens of models continuously analyze millions of live events per second
• Automatically uncover malware, ransomware, and other threats
(Figure: Attack 1, a ransomware web server reached through an email delivery domain/IP; Attack 2, a malware web server reached through a malvertising domain/IP.)
Intelligence: Statistical Models (2M+ live events per second, 11B+ historical events)
• Spike rank model: detect domains with sudden spikes in traffic
• Co-occurrence model: identifies other domains looked up in rapid succession of a given domain
• Predictive IP space monitoring: analyzes how servers are hosted to detect future malicious domains
• Natural language processing model: detect domain names that spoof terms and brands
• Dozens more models
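Two of the models above in miniature, as an added example rather than Umbrella's own implementation: a spike check that flags a domain whose lookups in the latest hour are at least ten times its earlier hourly baseline, and a brand-spoof check that compares the second-level label (and its dash-separated tokens) against a brand list by edit distance. The resolver log format, the brand and allowlist, the thresholds and the domains in the sample are all constructed for the example; the registrable-domain helper is deliberately crude and production code must use the public suffix list.

```python
import re
from collections import Counter, defaultdict

# Assumed brand list and their legitimate registrable domains.
BRANDS = {"paypal", "microsoft", "google"}
LEGIT = {"paypal.com", "microsoft.com", "google.com", "cisco.com"}
# Constructed log format: "<ISO-8601 UTC time> <client ip> <query name>"
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d):\d\d:\d\dZ\s+(\S+)\s+(\S+)$")


def parse(log):
    """Yield (hour bucket, client, qname) per well-formed line; skip the rest."""
    for line in log.strip().splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group(1), m.group(2), m.group(3)


def registrable(qname):
    """Crude eTLD+1 (last two labels); real code must use the public suffix list."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def levenshtein(a, b):
    """Edit distance, row-by-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_brand(domain):
    """Brand-spoof check: the domain is not the brand's own, but its second-level
    label contains the brand or has a dash-separated token within one edit of it
    (catches paypa1, micros0ft-login, secure-paypal)."""
    if domain in LEGIT:
        return None
    sld = domain.split(".")[0]
    for brand in sorted(BRANDS):
        if brand in sld or any(levenshtein(tok, brand) <= 1 for tok in sld.split("-")):
            return brand
    return None


def lookalikes(log):
    found = {}
    for dom in sorted({registrable(q) for _, _, q in parse(log)}):
        brand = lookalike_brand(dom)
        if brand:
            found[dom] = brand
    return found


def spike_rank(log, min_hits=10, ratio=10.0):
    """Spike check: a domain whose count in the latest hour is at least min_hits
    and at least `ratio` times its mean count over the earlier hours (a domain
    never seen before has baseline 0). Returns {domain: (now, baseline)}."""
    per_domain = defaultdict(Counter)
    hours = set()
    for hour, _client, qname in parse(log):
        per_domain[registrable(qname)][hour] += 1
        hours.add(hour)
    if not hours:
        return {}
    ordered = sorted(hours)
    latest, history = ordered[-1], ordered[:-1]
    flagged = {}
    for dom, counts in per_domain.items():
        now = counts[latest]
        baseline = sum(counts[h] for h in history) / len(history) if history else 0.0
        if now >= min_hits and now >= ratio * max(baseline, 1.0):
            flagged[dom] = (now, baseline)
    return flagged


def _lines(hour, qname, n, client="10.0.0.5"):
    return [f"{hour}:00:{i % 60:02d}Z {client} {qname}" for i in range(n)]


# Constructed resolver log: steady lookups of a known site, a never-seen domain
# that jumps to 40 lookups in one hour, and a brand lookalike.
SAMPLE_LOG = "\n".join(
    _lines("2019-03-05T08", "www.cisco.com", 12)
    + _lines("2019-03-05T09", "www.cisco.com", 11)
    + _lines("2019-03-05T10", "www.cisco.com", 13)
    + _lines("2019-03-05T09", "cdn.update-check.info", 1)
    + _lines("2019-03-05T10", "cdn.update-check.info", 40)
    + _lines("2019-03-05T10", "secure-paypa1.com", 3)
)

if __name__ == "__main__":
    print("spikes:", spike_rank(SAMPLE_LOG))
    print("lookalikes:", lookalikes(SAMPLE_LOG))
```

The edit-distance rule is tuned for brands of six letters or more; with five-letter brands it produces false positives on ordinary words, which is one reason the real model is a classifier trained on many features rather than a single threshold.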
Visibility and Protection for all Activity, Anywhere
• On-network: HQ, branch and all office locations; IoT and BYOD; any device on your network
• Off-network: roaming laptops and supervised iOS devices
• All ports and protocols
Enterprise-Wide Coverage in Minutes, not Months
• On-network coverage with one setting change; integrated with Cisco SD-WAN, Cisco ISR 1K and 4K series, Cisco Meraki MR, and Cisco WLAN controllers
• Off-network laptop coverage with AnyConnect VPN client integration, or with any VPN using the lightweight Umbrella client, or with the Umbrella Chromebook client
• Off-network mobile coverage with Cisco Security Connector
Any device: on network, roaming / mobile, branch offices.
Integrations to Amplify Existing Security: Block Malicious Domains from Partner or Custom Systems
Your current security stack feeds IOCs to Umbrella:
• Threat analysis feed: AMP Threat Grid + others
• Appliance-based detection: + others
• Threat intelligence platform: + others
• Cloud Access Security Broker: Cloudlock + others
• Custom integrations: Python script, Bro, IPS + others
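The "Python script" custom integration from the slide, as an added example that is not Cisco's sample code: it takes IOC URLs emitted by a local detector (constructed here), validates that each resolves to an exportable public hostname, builds one Enforcement API event per IOC and POSTs the batch. The endpoint URL and event field names are an assumption based on the Umbrella Enforcement API as documented for custom integrations; check them against the current documentation before use. The provider name, the internal-zone suffix list and the sample alerts are also assumptions made for the example.

```python
import json
import re
import urllib.request
import uuid
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Assumption: endpoint and event fields follow the Umbrella Enforcement API as
# documented for custom integrations; verify against the current docs.
ENFORCEMENT_URL = "https://s-platform.api.opendns.com/1.0/events"
HOSTNAME_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
INTERNAL_SUFFIXES = (".corp", ".local", ".internal")  # assumed internal zones, never exported


def domain_of(ioc_url):
    """Return (hostname, url) for a URL or bare domain; ValueError otherwise.
    Bare IPs, localhost and internal zones are rejected so a noisy sensor
    cannot push them into the organisation-wide block list."""
    url = ioc_url if "://" in ioc_url else "http://" + ioc_url
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not HOSTNAME_RE.match(host) or host.endswith(INTERNAL_SUFFIXES):
        raise ValueError(f"not an exportable domain: {host!r}")
    return host, url


def build_event(ioc_url, provider="bro-ids", device_id=None, seen_at=None):
    host, url = domain_of(ioc_url)
    ts = seen_at or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.0Z")
    return {
        "alertTime": ts,
        "eventTime": ts,
        "deviceId": device_id or str(uuid.uuid4()),
        "deviceVersion": "1.0",
        "dstDomain": host,
        "dstUrl": url,
        "protocolVersion": "1.0a",
        "providerName": provider,
    }


def events_from_alerts(alert_lines, **kw):
    """Detector output is one IOC URL per line. Returns (events, rejected)."""
    events, rejected = [], []
    for line in alert_lines:
        line = line.strip()
        if not line:
            continue
        try:
            events.append(build_event(line, **kw))
        except ValueError as exc:
            rejected.append((line, str(exc)))
    return events, rejected


def post_events(events, customer_key, send=None):
    """POST the batch. `send(request) -> bytes` is injectable so the code can be
    exercised offline; the default performs a real HTTPS POST with urllib."""
    req = urllib.request.Request(
        f"{ENFORCEMENT_URL}?customerKey={customer_key}",
        data=json.dumps(events).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    send = send or (lambda r: urllib.request.urlopen(r, timeout=10).read())
    return json.loads(send(req) or b"{}")


def capturing_send(sink, reply=b'{"id": 0}'):
    """Offline stand-in for the HTTPS POST: records the request, returns a canned reply."""
    def send(req):
        sink["url"], sink["body"] = req.full_url, req.data
        return reply
    return send


# Constructed detector output: two real IOCs and three lines that must be rejected.
SAMPLE_ALERTS = [
    "http://internetbadguys.example/dl/update.exe",
    "evil-cdn.example.net",
    "http://10.1.2.3/payload.bin",
    "fileserver.corp",
    "localhost",
]

if __name__ == "__main__":
    evs, rej = events_from_alerts(SAMPLE_ALERTS, device_id="sensor-1")
    sink = {}
    print(post_events(evs, "CUSTOMER_KEY", send=capturing_send(sink)), rej)
```

Keep the customer key out of the script itself (environment variable or secret store): it is the only credential on this API, and anyone holding it can add domains to the block list.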
What Sets Umbrella Apart from Competitors
• Fastest and most reliable cloud infrastructure
• Broadest coverage of malicious destinations and files
• Most open platform for integration
• Easiest connect-to-cloud deployment
• Most predictive intelligence to stop threats earlier
Demo: Simplifying Security Segmentation: What’s the customer problem?
ASA / Firepower NGFW: How can I enforce policy at the North / South perimeter?
• Workload edge firewall
• TrustSec SGT enforcement
Tetration Analytics: How can I enforce East-West traffic / µ-segmentation?
• Integrated workload firewall
• Application dependency mapping
OpenDNS Umbrella: How can I stop outbound malicious traffic?
• Workload DNS security
• White-list Internet access
Simplifying Security Segmentation Demo
Demo: Simplifying Security Segmentation: What’s the value?
ASA / Firepower NGFW: edge firewalling on IP or SGT
• Workload edge firewall
• TrustSec SGT enforcement
Tetration Analytics: East-West / micro-segmentation
• Integrated workload firewall
• Application dependency mapping
OpenDNS Umbrella: white-list only internet policy, infection prevention
• Workload DNS security
• White-list Internet access
Cisco Threat Response
Cisco Integrated Security Architecture: Security That Works Together
• Open APIs · Developer Environment · Services
• Cisco Threat Response: Detect, Investigate, Remediate; Deploy Policy
• Cisco Security Portfolio: Network, User/Endpoint, Cloud
• 3rd Parties: 160+ security tech partners; leading threat intelligence
Introducing Cisco Threat Response: Unleashing the Power of the Cisco Integrated Security Architecture
Key pillar of our integrated security architecture
• Automates integrations across Cisco security products
• Reduces the time and effort spent on key security operations functions: detection, investigation, remediation
• Included as part of Cisco Security product licenses
Cisco Threat Response in Action: Three Simple Ways to Get Started
1. Investigate (search interface)
2. Casebook via browser plug-in
3. Incident Manager (high-fidelity events)
Intelligence sources: AMP for Endpoints, Email Security, NGFW/NGIPS, Umbrella, Talos, Threat Grid, VirusTotal
Observables: file hash, IP address, domain, URL, more...
Questions answered: Have we seen these observables? Where? Are these observables suspicious or malicious? Which endpoints connected to the domain/URL?
Cisco Threat Response in Your SOC: Complements Your Existing Investments and Supports Your IR Team
• Cisco Threat Response: detect, investigate, remediate across multiple Cisco products and intel/identity context
• The IR team works alongside the existing stand-alone SOC
• Other existing products and intel/identity context: SIEM, SOAR (optional)
Duo Security
Enterprises are Enabling Data Access Between…
• Any user: employee, contractor, partner
• Any device: corporate-issued, bring-your-own, IoT
• Any app: data centre, multi-cloud, SaaS
• In any location: on-premises, on-VPN, off-network
Mindsets are Changing to Address These Problems
• Location ≠ Trust: don’t grant access to data based on where requests originate in the network or DC
• Trust Erodes: don’t rely only on one-time verification of user, device, and workload trust
• Restrict Access: prioritise enforcing the least privileges for a limited time for your high-risk data
• Automate Policy: adjust access using dynamic context to improve policy efficacy and simplicity
Complementary Security Approaches
• Threat-centric: basic security maturity to prevent attacks via an intelligence-based policy, then detect, investigate, and remediate
• Trust-centric: good security practice to verify before granting access via an identity-based policy, for any user, any device, any app, in any location
Both are driven by dynamic context.
User and Device Identity for Policy and Awareness
Trusted identity added to Cisco’s portfolio: verifies user and device trust across public cloud SaaS apps, private cloud, public cloud IaaS, intent-based networking and the endpoint.
Software-Defined Policy Access Evolution
SDP approach to network access: Cisco Identity Services Engine (ISE). SDP approach to app access: Duo.
Trusted Access across Hybrid IT Enterprises (matrix; columns: IoT access solution, app / services access solution (on-prem, cloud), mobile & BYOD app / services access solution (on-prem, cloud); rows: headless device, user + device on-prem, user + device off-prem). Headless devices are handled by ISE; on-prem users and devices by ISE for on-prem apps and ISE or Duo** for cloud and BYOD access; off-prem users and devices by ISE*☨ or Duo* for on-prem apps and by Duo (Duo MFA) for cloud apps.
☨ Integrated with AnyConnect. * Duo Beyond with Network Gateway (i.e. reverse proxy). ** Duo Access for BYOD.
Secure Any Corporate Application
Verify Trust for Any Device: Limit Access to Compliant Devices
● Identify corporate-owned & BYOD
● Verify if devices are out-of-date and potentially vulnerable to security risks
● Block devices access to critical applications
● Apply policies consistently for any device platform: Windows, MacOS, iOS & Android
Adaptive Policies Easily Enforce Compliance
● Customisable security policies
● Global, App & Group Level controls
● Establishes a level of trust based on users and devices
Duo Product Architecture
• Cloud apps: Duo Access Gateway [SAML/SSO]
• Web/SSH: Duo Network Gateway
• VPN, virtual desktop, etc.: Duo Authentication Proxy [RADIUS/LDAP], with primary auth against AD, Azure AD, LDAP, etc.
• Integrated Duo MFA: Azure AD, RDP, SSH, Windows, app, API, etc.
Duo Cloud Platform: multi-factor authentication, user and device management, MFA policy, device visibility, user device policy check
Duo Never Touches the Primary Authentication
Core service and policy engine is always in the cloud. Second factors:
• Duo Push
• Mobile passcode
• Phone, SMS
• HOTP token
• U2F/WebAuthn
• Bypass
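The separation this slide describes, as an added example and not Duo's proxy or cloud code: a stand-in for the directory behind the Authentication Proxy is the only component that ever sees the password; a stand-in for the cloud service holds nothing but usernames, token secrets and counters, and is consulted only after primary authentication succeeds. The second factor is the HOTP token from the list, implemented per RFC 4226 with a look-ahead window so codes burned on the token resync, and a counter advance so a used code cannot be replayed. The user, password, RFC 4226 test key and window size are assumptions made for the example.

```python
import hashlib
import hmac
import os

RFC4226_SECRET = b"12345678901234567890"  # the RFC 4226 test key, example use only


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    digest = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class PrimaryDirectory:
    """Stand-in for AD/LDAP behind the Duo Authentication Proxy: the only place
    the password ever goes. Stores salted SHA-256 for the example."""

    def __init__(self):
        self._users = {}

    def add_user(self, user, password):
        salt = os.urandom(16)
        self._users[user] = (salt, hashlib.sha256(salt + password.encode()).digest())

    def check(self, user, password):
        rec = self._users.get(user)
        if rec is None:
            return False
        salt, digest = rec
        return hmac.compare_digest(hashlib.sha256(salt + password.encode()).digest(), digest)


class SecondFactorService:
    """Stand-in for the Duo cloud: usernames, token secrets and counters, never
    passwords. The look-ahead window tolerates codes generated but not submitted."""

    def __init__(self, look_ahead=10):
        self._tokens = {}
        self.look_ahead = look_ahead

    def enroll(self, user, secret, counter=0):
        self._tokens[user] = {"secret": secret, "counter": counter}

    def verify(self, user, code):
        tok = self._tokens.get(user)
        if tok is None:
            return False
        for c in range(tok["counter"], tok["counter"] + self.look_ahead):
            if hmac.compare_digest(hotp(tok["secret"], c), code):
                tok["counter"] = c + 1  # burn this and any skipped codes: no replay
                return True
        return False


def authenticate(directory, second_factor, user, password, code):
    """Proxy logic: primary authentication first; the second factor is consulted
    only on success, so a wrong password never consumes a one-time code."""
    if not directory.check(user, password):
        return "primary-failed"
    if not second_factor.verify(user, code):
        return "second-factor-failed"
    return "ok"


def demo_fixture():
    """Constructed user and enrolled token for the example."""
    directory = PrimaryDirectory()
    directory.add_user("alice", "correct horse battery staple")
    service = SecondFactorService()
    service.enroll("alice", RFC4226_SECRET)
    return directory, service


if __name__ == "__main__":
    d, s = demo_fixture()
    print(authenticate(d, s, "alice", "correct horse battery staple", hotp(RFC4226_SECRET, 0)))
```

With the Authentication Proxy in front of an ASA or FTD over RADIUS the same ordering holds: the proxy forwards the password to the directory, and only a successful primary result triggers the call to the Duo service.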
Duo Access Gateway Setup (DAG)
Duo Network Gateway: Detect User and Device Context for Internal HTTP/S and SSH Apps
A trusted user on a trusted device reaches the DNG (443) over the public internet; the DNG brokers access to the internal tiers (Tier 1: *.domain.local, Tier 2: SSH, Tier 3: 10.0.0.1-4 and 192.0.0.1/24) governed by security groups.
Use Duo Beyond to secure access to internal networks and the public cloud.
Duo Network Gateway Setup (DNG)
● Deploy a Duo Network Gateway in the DMZ using Docker, with both “public” and “internal” access.
● Configure your SAML IdP for primary auth.
● Configure DNG with Duo for secondary auth.
● Configure a web application on the DNG for your protected “internal” application.
● Create public DNS entries for your protected internal web apps to point to the DNG’s public interface.
● Users access the “internal” app using their browser.
Duo Authentication Proxy (RADIUS)
Requirements:
1. Cisco ASA 8.3 or later
2. Cisco FTD 6.3 or later
3. Duo Authentication Proxy
Learn more about AnyConnect RADIUS integration
Demo: Multi-Layered Threat Protection: What’s the customer problem?
Stealthwatch Cloud: Are my cloud workloads being attacked?
• AMP Threat Grid
• Umbrella Investigate
Cisco Threat Response: How do I connect and correlate my security tools?
• Zero day malware protection
• Event correlation and visualisation
OpenDNS Umbrella / AMP for Endpoints: How do I contain a breach?
• Command & control prevention
• Whitelist / blacklisting
Multi-Layered Threat Protection Demo
Demo: Multi-Layered Threat Protection: What’s the value?
Stealthwatch Cloud: automatic security monitoring and alerting in public cloud
• AMP Threat Grid
• Umbrella Investigate
Cisco Threat Response: simplifies and correlates security events across hybrid cloud
• Zero day malware protection
• Event correlation and visualisation
OpenDNS Umbrella / AMP for Endpoints: infected workloads are contained in real time
• Command & control prevention
• Whitelist / blacklisting
Conclusion: Cisco Hybrid Cloud Security Solutions
• Visibility (network and application analytics): Stealthwatch, Tetration; integrated: Stealthwatch + Tetration
• Segmentation (firewalls and application segmentation): ASA/NGFW; integrated: ACI/TrustSec + Tetration
• Threat Protection (automated threat detection, blocking, and response): NGFW/NGIPS, AMP + Cisco Threat Response, OpenDNS Umbrella; integrated: AMP + OpenDNS Umbrella
Key Takeaways
• Integration across our security, data centre and cloud platforms is a key differentiator
• Consistent, effective security capabilities are critical drivers
• Customers benefit from superior visibility, segmentation and threat protection on a hybrid cloud foundation
Q & A
Cisco Live sessions will be available for viewing on demand after the event at: https://ciscolive.cisco.com/on-demand-library/
Thank you