Security = Top Business Issue

Presentation on theme: "Security = Top Business Issue"— Presentation transcript:

1 The Business Value Model Christi McClellan Security CAM - Cisco Systems

2 Security = Top Business Issue
Business priorities remain conservative, dealing with business integrity before growth.

[Table: Gartner, "Top Ten Business Trends In 2004", 2004 ranking with selected change in ranking compared with 2003. Items: Security breaches/business disruptions; Operating costs/budgets; Data protection and privacy; Need for revenue growth*; Use of information in products/services*; Economic recovery*; Single view of customer; Faster innovation; Greater transparency in reporting; Enterprise risk management. (* New question for 2004. The individual rank figures are not legible in this transcript.)]

In 2004 security has become THE biggest IT issue; no longer a simple nuisance or architectural check list item, it has now become ABSOLUTELY imperative to reconsider how networks, endpoints and related systems can be used to protect your company’s strategic infrastructure. You heard me say SYSTEMS – you’re going to hear that a lot today. Let’s take a look at a recent study by leading analyst Gartner Group. The change in security ranking is staggering, overcoming even our top issue of the last several years: costs, budgets and ROI. Let’s consider the risks that are driving this concern…

3 Why Customers Lack Sufficient Security
- Inability to quantify benefits
- Lack of risk analysis
- Perceived cost
- Preconceived notions
- Quickly evolving networks and applications

Leading Question: With all of these security concerns, why do customers lack sufficient security? Ask this question before showing the bullets. Map participant answers to this slide.

Statistic: While security breaches cause over 15 billion U.S. dollars of damage worldwide annually, more than 50 percent of businesses spend 5 percent or less of their IT budget on security annually. Marcus Ranum, one of the inventors of the modern firewall, recently said, “We security folks have got to stop treating security like it is a separate problem from network management.”

Key Points

Inability to Quantify Benefits: Many companies find that the solutions they implement are simply inadequate. This inadequacy is often the result of two things. First, they simply do not understand what security risks are associated with their e-business strategies, and second, they do not have a systematic way to intelligently secure their entire network.

Lack of Risk Analysis: Companies have little or no idea of the costs associated with an electronic break-in. They have not quantified the value of their electronic data and do not understand the extent to which damage can be done should a break-in occur. They have not adequately analyzed their e-business strategy and implementation and used it as a foundation for building an appropriate security policy.

Perceived Cost: Most executives still believe that security problems are solved by buying and installing a box of some sort (such as a firewall, intrusion detection device, or access control system). The best solution is to first develop an appropriate security policy, then leverage the security that is already inherent in the existing network, and then purchase and apply network-intelligent security solutions that were designed to be part of the network architecture and that support the implementation of new network services and solutions.

Preconceived Notions: One of the biggest problems that companies face is that they have separated their security function from their networking solutions. This separation is largely because most security devices were designed to restrict access and are often far slower than the network they are protecting.

Network Security Evolves Over Time: Evolving attack methods and constantly evolving software vulnerabilities continually introduce new threats into an organization’s installed network, systems and applications. Thus, even rigorously security-conscious organizations discover that security starts to degrade after network upgrades, fixes or new technology introductions.

Another point here is lack of internal awareness. This is not something we can directly help with, but talking about it shows credibility as it is a major concern. The way we can help is sharing our best practices (Cisco work papers, and involving the Cisco infosec team (John Stewart) to talk with customers).

Transition: There is no definition of “perfect security.” No one can react to every possible situation. However, Cisco has best practices and we must share these with our customers as we educate them. But it will always be up to the customer to make an educated decision about what their comfort level is for risk. We can educate them on the risk in their environment, but they will still weigh that against the cost of mitigating that risk. They can choose to ignore it, accept it, or transfer it.

4 Threats and Vulnerabilities
Assets → Vulnerabilities → Threats → Consequences

- Internet virus
- 52% experienced attacks from outside
- 48% experienced attacks from inside
- Most expensive attacks come from inside (up to 10x more costly)

Leading Question: Who knows what the difference is between a vulnerability and a threat? A vulnerability is a weakness that is inherent in the design and configuration of the network and infrastructure. A threat is something that can attack the vulnerability. What are the impacts on business of vulnerabilities vs. attacks? If you get to the attack phase, your systems have been compromised and you experience consequences: costs associated with data and system recovery, loss of productivity, etc. If you can eliminate vulnerabilities before attacks occur, the consequences to the business are much less severe. This is the justification for a proactive approach. Simply addressing threats is a reactive approach; consequences will ultimately be greater.

Examples: If you leave your Porsche (asset) unlocked (vulnerability) a car thief (threat) might steal it (consequence). This is similar to being worn down by work and stress and a flu germ gets to you. The more worn out or vulnerable you are, the more likely the germ can attack and make you ill.

Flip Chart: Describe the types of threats using a white board or flip chart: known and unknown, structured and unstructured. Which type of threat is typically the most expensive (internal or external)? Internal – Why? Because these are typically structured – the attacker knows exactly what they want and can be the most damaging.

Transition: What are some threats that your customers have seen? How would you categorize these (internal vs. external, etc)? Add answers to the flip chart. What examples do you have of vulnerabilities and threats being business disablers? (Cisco lost a major deal with Merrill Lynch because they did not go for VoIP – they were not comfortable with security.)

Source: CSI / FBI Security Study 2004
Introduction: Integrated Security Strategies

5 Why Business Disruptions Continue
- Viruses, Worms, Trojan Horses, Botnets penetrating defenses
- Viruses now #1 cause of financial loss (2004 CSI/FBI)
- Day-zero attacks are sophisticated and complex
- Point technologies easily bypassed, not designed to preserve network integrity or resiliency
- Non-compliant servers/desktops common, difficult to detect and contain
- Locating and isolating infected systems is time and resource intensive

Cisco is committed to resolving the most important security issue facing our customers today – disruption of operations from viruses and worms. The damage caused by worms and viruses has demonstrated that existing operational and technical safeguards are not sufficient. The latest spate of viruses – Slammer and Blaster – proved how vulnerable organizations are to disrupting business. Unlike their predecessors – Code Red, Nimda, SQL Slammer – they have made organizations realize the importance of protecting their entire infrastructure, not just the edge of their networks. This is because they turned vulnerable desktops and laptops, not just servers, into disruptive agents within the organization’s local networks. The costs and process involved in fixing infected systems and containing outbreaks are severe, and the work is often laborious and manual. This has caused many organizations to become more committed to addressing compliance issues with systems accessing their networks – making sure they are running the right tools and have the proper security patches loaded. Non-compliant systems are frequent, be it due to contractors, business partners, unmanaged devices, non-production devices, or a general lack of ability to ensure company image and update policies are followed. Point products do not protect overall network integrity, just one small segment (e.g. HIDS protects the server but not the rest of the network). The big picture is most important: business resiliency.

6 Security Drivers Continue
Target and Scope of Damage vs. time from knowledge of vulnerability to release of exploit, which is shrinking.

[Chart: vertical axis, scope of damage: Individual Computer → Individual Networks → Multiple Networks → Regional Networks → Global Infrastructure Impact; horizontal axis: 1980s → 1990s → Today → Future; time from vulnerability to exploit: Weeks → Days → Minutes → Seconds]

- 1st Gen (1980s, weeks): boot viruses
- 2nd Gen (1990s, days): macro viruses, DoS, limited hacking
- 3rd Gen (Today, minutes): network DoS, blended threat (worm + virus + trojan), turbo worms, widespread system hacking
- Next Gen (Future, seconds): infrastructure hacking, flash threats, massive worm-driven DDoS, damaging payload viruses and worms

Most security products are still using the 1990’s model for developing solutions but the hackers have moved on… Now we have these super worms, where you have to eliminate it off every single device in your network or it will re-propagate itself. The window between the vulnerability being published and the actual time of attack is shrinking.

7 Threat Defense
Products that protect the network and endpoints from both known and unknown threats. These products are crucial to layered security deployment in any network. Defensive strategy: is defense all you need to win?

8 Trust and Identity
Mitigate the risk associated with unauthorized individuals or devices accessing the company’s network. Use analogies such as security badges providing varied levels of access for different individuals. Develop a more robust method to manage how and who can access certain information. Manage access by functional areas within an organization, i.e. Human Resources and Finance.

9 Secure Communications
Converged and wireless networks create a great deal of interesting issues related to securing communication. A "must have" solution for companies with employees who work remotely or companies that engage in e-commerce or other business-to-business electronic communications.

10 Management
Network and security management tools allow one to offensively detect, prioritize, and respond to perceived threats. Use analogies such as the airport control tower, where all is monitored, managed, and directed. Having the ability to direct and control the network activities is a critical element in a successful security program. Reinforce that without the tools to identify and prioritize potential issues, one will not be able to leverage the investment made in all of the robust defense equipment.

11 What are Customers Looking For?
Why Do I Care?

Key Points: Embedded device managers, which are very similar in many aspects, are available for virtually all Cisco security, wireless, and telephony devices. These are very easy to use, requiring much less technical skill to configure and implement. Many have built-in wizards or interactive setup features.

Target Market: Device managers are targeted at the SOHO and SMB markets. Typically, use with networks of 10 devices or less. Above this number, VMS is recommended.

The Self-Defending Network and Solution: Integrated Security Management

12 The Cisco Story: Integrated Security: Building Blocks for The SDN

[Diagram: stages of the self-defending network, positioned against the competition along a 1990s / 2000 / 2002 / 2003 / 2004 timeline:
- Basic Security
- Point Products: multiple technologies, multiple locations, multiple appliances, little / no integration
- Defense In Depth
- Integrated Security: routers, switches, appliances, endpoints; FW + VPN + IDS . . .; integrated management software; evolving advanced services
- End-to-End Protection: security aware elements, dynamic comm. between security elements, self-protecting
Timeline row: basic router security, Command Line Interface (CLI); security appliances; enhanced router security; separate management software]

Key Points: Cisco faces a couple of types of strategies by competitors in the field. One is to argue that Cisco is not a security company. The second acknowledges that Cisco knows security and instead tries to best Cisco by claiming to have better security products. To counter the first, it is necessary to have an understanding of the “Cisco Story”.

Facilitator Note: Participants have already seen this so get through this slide quickly. The important point to emphasize is that Cisco has a vision for security.

Additional Material: Building the self-defending network is an ongoing process. First stage is basic security – common in the late 90’s. Point security products such as PIX firewalls then come into the picture and are an important foundation for an Integrated Approach. Multiple point products in multiple locations became the next stage of security – Defense in Depth. While an improvement, this approach does not bring security deep into the network architecture. It’s still bolted-on. Integrated security means that security is deeply integrated into all aspects of the network and in all network devices – routers, switches as well as security appliances. Once security is integrated, then a systems level architecture can be crafted, whereby the security aware elements can communicate with each other. With a systems level approach, security awareness can become part of the network – on a true “end-to-end” basis that includes PCs and laptops. This is the Self Defending Network. How do you use this slide to position SDN with your customers?

13 The New Computing Paradigm
[Diagram: applications wrapped around the IP Network, with SECURITY as the enclosing layer: Web Application, Calendar, Audio-Conferencing, Collaboration, Video-on-Demand, Voice Messaging, Telephone Services, Instant Messaging, Contact Center]

Wrapping applications around IP. In order to be able to address this we will need security built up front in every device. Read quote:

“IT managers must use their existing corporate networks more effectively to create, maintain and maximize business relationships. That means opening the network to implement more flexible access models that make the right information available to the right people at the right time. On the other hand, that very openness requires a new approach to security.” Jamie Lewis – CEO, Burton

14 Evolution of Security Requirements
New Methods & New Architectures

PAST → NEEDED NOW
- Reactive → Automated, Proactive
- Standalone → Integrated
- Multiple Layers → A Collaborative Systems Approach
- Product Level → System-level Services

A collaborative systems approach – not just between security services, but between security, networking, and QoS. With more than 20 years of innovation and as the leading provider of networks, this is Cisco’s opportunity and, we believe, customer mandate. But we can’t do this alone. The security market consists of many vendors and our customers have invested heavily. Cisco’s challenge is to build systems that leverage YOUR network, endpoints, and applications – not just end-to-end Cisco customers.

15 Why Self Defending Networks?
- Organizations cannot react quickly enough to these new blended threats
- The security threat is only getting worse
- Point products only address a small segment of the network
- Customers need an automated system to address these ongoing threats with the right security capabilities embedded everywhere in their network infrastructure and end points

16 Self-Defending Network Strategy
Cisco Strategy to Dramatically Improve the Network’s Ability to Identify, Prevent, and Adapt to Threats

- SECURITY TECHNOLOGY INNOVATION: Endpoint Security, Application Firewall, SSL VPN, Network Anomaly Detection
- SYSTEM-LEVEL SOLUTIONS: Endpoints + Networks + Policies; Services; Partnerships
- INTEGRATED SECURITY – BUSINESS VALUE MODEL: Trust and Identity, Threat Defense, Secure Connectivity

17 Rethinking Security

1. What are you trying to do? What are your business objectives? What technologies or services are needed to support these objectives? Do they leverage your existing resources? Are they compatible with your current infrastructure and security solutions?
2. What risks are associated with this? Will you introduce new risks not covered by your current security solutions or policy?
3. How do you reduce that risk? How valuable are the assets at risk? What is your tolerance for risk?

In order to solve this problem we have to rethink security. This starts with asking some fundamental questions taken from the CISSP Guidelines. Business objectives – not related to technology, just about the business. What are you trying to do? E.g. deploying IP telephony – ask the questions. What risks? – if we do this, what are the risks? Reducing the risk – how much risk are you willing to accept? This is about risk reduction, not elimination. Business objectives should drive security decisions.

18 Rethinking Security: Security is more than products…

Security solutions must be chosen with business objectives in mind. They must also:
- Leverage existing infrastructure and intelligence
- Contribute to correlative analysis and response
- Provide automated, collaborative defense
- Be INTEGRATED parts of a security SYSTEM

Security IS about RISK REDUCTION in a rapidly evolving environment. Maximum risk reduction is ALWAYS achieved with an integrated solution built on a flexible and intelligent infrastructure.

Not about products. Correlative analysis – be able to aggregate information from a variety of sources vs. product silos from multiple vendors. Automated – I don’t need to intervene; collaborative – multiple devices working together to solve my problem. Risk reduction requires integrated solutions and services.

19 Self Defending Network Advantages
- Use What You Have: Leverage existing network infrastructure by enabling security in existing infrastructure
- Deploy Security Where You Need It Most: Apply security functionality anywhere in the network – protect all network entry points
- Save Time and Money: Minimize the number of devices and management tools; maximize IT staff efficiency
- Protect Your Infrastructure: Use the network to protect the network
- Reduce Your Risk: Deploy integrated security to minimize exposure to risk

20 Security Acquisitions
- 1995, PIX
- 1998, IDS
- 2000, VPN (SP)
- 2000, VPN (Enterprise)
- 2001, VPN (Technology)
- 2002, CTR (Technology)
- 2003, HIPS
- 2004, SSL VPN Client
- 2004, DDOS Protection
- 2004, Security Mgmt.
- 2004, NAC addition
- Announced December 2004 – Affordable Correlation, Mitigation

21 Cisco Security Product Overview Cisco Systems

22 TRUST AND IDENTITY

Title Page: Trust and Identity

Leading Questions: What do you know about trust and identity? What Trust and Identity solutions have you sold? How do you sell it with security? What are the benefits? Bring back to the point that Trust and Identity meets the need for different user profiles, based on where, when, how, and who is accessing the network.

The Self-Defending Network and Solution: Trust and Identity

23 Cisco’s NAC Solution Overview
NAC Solution: Leverage the network to intelligently enforce access privileges based on endpoint security compliance.

[Diagram: Host Attempting Network Access (Cisco Trust Agent) → Network Access Devices → Policy Server Decision Points (Cisco ACS Server, AV Vendor Server); protocols: EAP, RADIUS, HCAP; partners: IBM]

1. Host sends credentials to Access Device using EAP (UDP or 802.1x)
2. Access Device forwards credentials to Policy Server (ACS) using RADIUS
3. ACS Server authenticates ID and passes AV info to AV Vendors Servers
4. AV Vendors Servers respond with Compliance/Non-Compliance message
5. Policy Server responds to Access Device with access rights and VLAN assignment
6. Access Device accepts rights, enforces policy, and notifies client (Allow/Deny/Restrict/Quarantine)

Day-zero virus and worm invasions continue to disrupt business, causing downtime and continual patching. Cisco Network Admission Control enables organizations to reduce the risk that worms and viruses will disrupt enterprise operations. This is done by preventing vulnerable hosts from obtaining and retaining normal network access. NAC ensures all hosts comply with the latest corporate anti-virus and operating system patch policies prior to obtaining normal network access. Vulnerable and non-compliant hosts may be isolated and given reduced network access until they are patched and secured, thus preventing them from being the targets of or the sources for worm and virus infections. Cisco Network Admission Control is a unique approach to prevent vulnerable and non-compliant hosts from impacting enterprise resilience, and it enables customers to leverage their existing network and AV infrastructure.

Key unique benefits NAC provides include:
- Comprehensive span of control – all access methods hosts use to connect to the network are covered – campus switching, wireless, router WAN links, IPsec remote access, and dial-up
- Multi-vendor solution – NAC is a Cisco-led, multi-vendor collaboration with the leading anti-virus vendors Network Associates, Symantec, and Trend Micro
- Extension of existing technologies and standards – NAC extends the use of existing communication protocols and security technologies, such as Extensible Authentication Protocol (EAP), 802.1X, and RADIUS services
- Leverage network and anti-virus investment – NAC ties together existing investments in the network infrastructure and anti-virus technology to provide admission control facilities

There are four components of the NAC system, three of which are illustrated in the figure.

Endpoint Security Software (AV, Cisco Security Agent, Personal Firewall) and the Cisco Trust Agent – The Cisco Trust Agent collects security state information from multiple security software clients, such as Anti-Virus clients, and communicates this information to the connected Cisco network where access control decisions are enforced. Application and operating system status, such as anti-virus and operating system patch levels or credentials, can be used to determine the appropriate network admission decision. Cisco and NAC co-sponsors will integrate the Cisco Trust Agent with their security software clients.

Network Access Devices – Network devices which enforce admission control policy include routers, switches, wireless access points, and security appliances. These devices demand host credentials and relay this information to policy servers where network admission control decisions are made. Based on customer-defined policy, the network will enforce the appropriate admission control decision: permit, deny, quarantine, restrict.

Policy Server – The policy server is responsible for evaluating the endpoint security information relayed from network devices and determining the appropriate access policy to apply. Cisco Secure ACS server, an Authentication, Authorization, and Accounting RADIUS server, is the foundation of the policy server system. It may work in concert with NAC co-sponsor application servers that provide deeper credential validation capabilities, such as anti-virus policy servers.

Management System – Cisco management solutions will provision the appropriate Cisco NAC elements and provide monitoring and reporting operational tools. CiscoWorks VPN/Security Management Solution (CiscoWorks VMS) and CiscoWorks Security Information Manager Solution (CiscoWorks SIMS) form the basis for this capability. Cisco’s NAC co-sponsors will provide management solutions for their endpoint security software.

The key characteristics of NAC are:
- All methods of connecting to the network are covered: interoffice through gateways, campus switches, wireless APs, remote access via IPsec VPN and dial-in.
- All hosts accessing the network may be validated. The Cisco Trust Agent enables administrators to obtain information about the operating system and applications on the host to be used for the admission control decision (such as AV & OS patch information). Hosts that do not have CTA installed, called non-responsive devices, may also have their privileges set, based initially on IP address and later by integration with scanning, fingerprinting, and links to inventory tracking technologies.
- The basis for NAC is the (re)use of existing investments in Cisco routers, switches, and security appliances, as well as corporate investments in anti-virus technology. An overlay system is not required to perform admission control.
- The architecture adopted by NAC allows for the integration of a wide variety of application and vendor support. Initially it ties to the leading AV vendors’ products as well as Cisco’s own CSA (for host OS credentials and to confirm CSA is installed). Over time this set of applications will expand.
- Quarantining non-compliant hosts allows the staff to bring those systems up to compliance before granting normal network access. This allows IT to effectively manage risk.
- NAC, when adopted by an organization, will need to have a span of control that covers the entire network, not just portions of it. By leveraging centralized AAA facilities, this type of scalability is possible.
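As an added illustration of the admission decision described above (example code, not Cisco's NAC implementation; the posture fields, policy thresholds, VLAN numbers and sample hosts are constructed assumptions), a small Python model of the policy server's permit/deny/quarantine/restrict decision, including the non-responsive device case handled by IP address:

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# The four admission outcomes named in the NAC description.
PERMIT, DENY, QUARANTINE, RESTRICT = "permit", "deny", "quarantine", "restrict"


@dataclass(frozen=True)
class Posture:
    """Endpoint state the Trust Agent would relay. Field names are constructed
    for this example and are not the real CTA credential format."""
    av_vendor: str
    av_dat_version: int   # signature-file version reported by the AV client
    os_patch_level: int   # assumed monotonically increasing patch level
    csa_installed: bool   # Cisco Security Agent present on the host


@dataclass(frozen=True)
class Host:
    ip: str
    authenticated: bool                 # identity check already done by the ACS
    posture: Optional[Posture] = None   # None = non-responsive device (no CTA)


@dataclass(frozen=True)
class Policy:
    """Customer-defined policy held on the policy server (values constructed)."""
    min_dat_version: Dict[str, int]           # per-vendor minimum signature version
    min_os_patch: int
    require_csa: bool
    nonresponsive_prefixes: Tuple[str, ...]   # address ranges allowed restricted access without CTA
    production_vlan: int = 10
    restricted_vlan: int = 200
    quarantine_vlan: int = 999


def av_compliant(posture: Posture, policy: Policy) -> bool:
    """Stand-in for the AV vendor server's compliance answer (steps 3 and 4)."""
    required = policy.min_dat_version.get(posture.av_vendor)
    # An AV product the policy does not know cannot be validated: treat as non-compliant.
    return required is not None and posture.av_dat_version >= required


def decide(host: Host, policy: Policy) -> Tuple[str, Optional[int]]:
    """Policy server decision (step 5): returns (decision, VLAN to assign).

    Order matters: identity failures are rejected first, hosts without a
    Trust Agent are handled by address, and only then is posture evaluated.
    """
    if not host.authenticated:
        return DENY, None
    if host.posture is None:
        # Non-responsive device: privileges set by IP address, no posture available.
        if any(host.ip.startswith(p) for p in policy.nonresponsive_prefixes):
            return RESTRICT, policy.restricted_vlan
        return DENY, None
    p = host.posture
    if not av_compliant(p, policy) or p.os_patch_level < policy.min_os_patch:
        # Vulnerable host: isolate it with access to remediation resources only.
        return QUARANTINE, policy.quarantine_vlan
    if policy.require_csa and not p.csa_installed:
        # Patched and AV-current but missing the host agent: reduced access.
        return RESTRICT, policy.restricted_vlan
    return PERMIT, policy.production_vlan


def admit_all(hosts, policy: Policy) -> Dict[str, str]:
    """What the access device notifies each client (step 6), keyed by host IP."""
    return {h.ip: decide(h, policy)[0] for h in hosts}


# Constructed sample data so the block runs stand-alone.
SAMPLE_POLICY = Policy(
    min_dat_version={"symantec": 4500, "trend": 2100, "nai": 4380},
    min_os_patch=7,
    require_csa=True,
    nonresponsive_prefixes=("10.20.",),
)
SAMPLE_HOSTS = [
    Host("10.10.0.5", True, Posture("symantec", 4510, 7, True)),    # fully compliant
    Host("10.10.0.6", True, Posture("trend", 2050, 7, True)),       # stale AV signatures
    Host("10.10.0.7", True, Posture("nai", 4400, 5, True)),         # missing OS patch
    Host("10.10.0.8", True, Posture("symantec", 4510, 8, False)),   # no CSA installed
    Host("10.20.3.9", True, None),                                  # printer, no CTA, known range
    Host("10.30.1.1", True, None),                                  # unknown device, no CTA
    Host("10.10.0.9", False, Posture("symantec", 4510, 8, True)),   # bad credentials
]

if __name__ == "__main__":
    for ip, outcome in admit_all(SAMPLE_HOSTS, SAMPLE_POLICY).items():
        print(f"{ip:12} -> {outcome}")
```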

24 Cisco Clean Access Solution (Perfigo)
Cisco has licensed the Perfigo CleanMachines solution, and will sell it under the name “Cisco Clean Access”. Products orderable as of October 29, 2004.

- Cisco Clean Access Server (Perfigo SmartServer): serves as an in-line device for network access control
- Cisco Clean Access Manager (Perfigo SmartManager): centralizes management for administrators, support personnel, and operators
- Cisco Clean Access Agent (Perfigo SmartEnforcer): optional client for device-based scanning and remediation in managed and unmanaged environments

Recognizes: users, device, and role (guest, employee, contractor)
Evaluates: identify security posture and vulnerabilities
Enforces: enforce security policies and eliminate vulnerabilities

25 Perfigo SmartEnforcer (optional)
Cisco Acquisition of Perfigo – CleanMachines: admission control for Small-Medium Business. THE GOAL:

[Diagram: end user → Perfigo SmartServer (in-line) → Perfigo SmartManager, Authentication Server, Intranet/Network, Quarantine Role]

1. End user attempts to access a web page or uses an optional client (Perfigo SmartEnforcer). Network access is blocked until the end user provides login information.
2. User is redirected to a login page. CleanMachines validates username and password. It also performs device and network scans to assess vulnerabilities on the device.
3a. Device is non-compliant or login is incorrect: user is denied access and assigned to a quarantine role with access to online remediation resources.
3b. Device is “clean”: machine gets on the “clean list” and is granted access to the network.

26 THREAT DEFENSE SYSTEMS

Title Page: Threat Defense Systems

Leading Questions: What do you know about threat defense? What threat defense systems have you sold? How do you sell it with security? What are the benefits?

Facilitator Notes: These questions will give you an understanding of where the class is at in terms of their understanding of security and help you determine to what level you will need to cover the secure connectivity solution slides.

The Self-Defending Network and Solution: Threat Defense

27 Threat Defense System Technologies
- Firewall: PIX Security Appliance, IOS FW, Catalyst FWSM
- Network IDS / IPS: IDS Appliances, Catalyst IDS Module, Router IDS Module, IOS-IDS, Cisco Guard XT 5650, Anomaly Detector 5600 (new IPS capabilities)
- Endpoint Security: Cisco Security Agent
- Network Services: IOS Security Services, Private VLANs, ACLs, QoS
- IOS Infrastructure Security: AutoSecure, Secure ACL, Control Plane Rate Limiting, CPU/Memory Thresholding
- Intelligent Investigation: Cisco Threat Response (CTR)
- Content Security: Content Engines, Router Network Modules
- Security Management: Device Managers, CiscoWorks VMS, CiscoWorks SIMS

Key Points: Cisco has a complete threat defense system with components integrated throughout the network. This slide demonstrates the various components that map to security solutions for threat defense. When presenting to customers, sell at the level of risk mitigation and integrated security. When you are looking to buy a car, would you go shopping for brakes or a seat belt from another company?

Example: What type of air or water filter would you prefer in your home? Single layer, dual layer, HEPA, ionic, reverse osmosis, etc. Network attacks are just like dirt, dust, and vapor contaminants. You need different filters to catch each type of packet or fragment. A firewall (IOS FW or PIX) is really a general filter. It blocks most (80%) of the unwanted traffic. This means 20% of the contaminants get through. This is why we need an IDS and CTR to analyze the 20% that makes it past the firewall (this is like an emergency warning system); we need to know whether what makes it past is really a concern. A content filter provides an even finer layer of filtering. Ultimately some contaminants will reach us (endpoints) from the outside (internet) and even worse, from the inside (other hosts). This is why we each need our own personal protection such as gloves, facemasks, and immune systems (CSA, CTA, AV). With NAC, if an endpoint is the source of the contaminant, it is promptly isolated.

Additional Material: Touch on the latest additions, enhancements, roadmaps in TDS: PIX 7.0, F1, Inline IDS, IOS Security, Management.

28 SECURE CONNECTIVITY

Title Page: Secure Connectivity

Leading Questions: What do you know about secure connectivity (VPNs)? What are the benefits to the customer business? How do you sell it with security?

Facilitator Notes: These questions will give you an understanding of where the class is at in terms of their understanding of security and help you determine to what level you will need to cover the secure connectivity solution slides.

The Self-Defending Network and Solution: Secure Connectivity

29 SSL VPN and IPSec Connectivity Profiles

SSL VPN:
- Uses a standard web browser to access the corporate network
- SSL encryption native to browser provides transport security
- Applications accessed through browser portal
- Limited client/server applications accessed using applets

IPSEC VPN:
- Uses purpose-built client software for network access
- Client provides encryption and desktop security
- Client establishes seamless connection to network
- All applications are accessible through their native interfaces

Both industry-accepted standards should be embraced and readily available.

Key Points: SSL – enables customers to have access from anywhere. Drawback is that this access may be somewhat limited. To have access to more applications, IP Sec VPN is needed. SSL is ideal for and a few applications. IP Sec – allows end users to have access to more applications, but requires a client. Competitor differentiator: Cisco offers SSL VPN free with the VPN concentrator and IP Sec implementation. No one else offers both on the same device.

Examples: VPN can be set up to allow partners access. With VPN, you can partition only the parts of the network that you want them to see. An example for SSL could be allowing limited access at a trade show to demonstrators/visitors.

New SSL Enhancements: Cisco recently acquired Twingo’s core technology – the Virtual Secure Desktop – which removes sensitive security information related to an SSL VPN connection at the close of the session. This protects from exploitation of such information for host network or system penetration. Twingo’s Virtual Secure Desktop writes all data associated with the SSL VPN session to a single and segregated part of the end system’s hard drive. This provides a single location for session clean-up and partitions the session from unsecured areas of the end system. The Virtual Secure Desktop is transparent to the end user and users continue to have access to all of the PC’s hardware and software resources.

30 INTEGRATED SECURITY MANAGEMENT
Title Page: Integrated Security Management
Leading Questions
Why is integrated security management important? How do you sell it with security?
The Self-Defending Network and Solution: Integrated Security Management

31 Cisco Security Management Portfolio
User AAA Control Framework for Managing Administrative Access to the Network: Cisco Secure Access Control Server
Security Management, Policy Administration, Monitoring and Analysis: CiscoWorks Security Information Management Solution (SIMS)
Multi-Device and Services Managers: CiscoWorks VPN/Security Management Solution (VMS)
Embedded Device Managers (Single Device Managers): Cisco IEV, Cisco SDM, Cisco IDM, Cisco PDM, Cisco VPN3KDM, covering IPS, Firewall and VPN

Leading Question
Which of these solutions address the two areas mentioned on the previous slide (deployment/ongoing management, monitoring for security events)?
- CiscoWorks VMS and the embedded device managers address deployment and ongoing management and configuration.
- CiscoWorks SIMS addresses monitoring for security events.

Key Points
The Access Control Server is becoming more key. It has components that relate to administration, but it is more for managing users than for managing network devices: it determines who has privileges to use the network.

Positioning
Device managers are wonderful and offer some basic monitoring. For free products these are powerful and may be sufficient for SOHO and SMB.
Enterprise level, managing the whole network – VMS.
Event monitoring for multi-vendor solutions – SIMS. VMS can do some event monitoring for Cisco integrated security.

32 Protego MARS Overview and Product Line

Model      Events / Second
MARS 20    500
MARS 50    1,000
MARS 100e  3,000
MARS 100   5,000
MARS 200   10,000
MARS GC    na
RAID storage sizes listed on the slide: 120GB, 750GB, 1TB

Protego is a pioneer and leading provider of enterprise security monitoring and threat mitigation utilizing a custom appliance, empowering companies to readily identify, manage and eliminate network attacks, as well as maintain compliance.
Founded August 2002. Based in Sunnyvale, CA. 40+ customers. 38 employees.

33 Defense-In-depth = Complexity
(Diagram labels: Infected Host; Log/Alert)

34 What is MARS: Mitigation and Response System (MARS)
Security Event/Information Manager
- Correlates Syslog, SNMP, RDEP, SDEE, Windows Security Event logs, and NetFlow
- Real-time incident creation and visualization
- Real-time mitigation
- Re-play
- Positive alert verification [create System False Positives]
- Leverages customers’ existing investment
With a bunch of: “Look what else we can do”
- Real-time mitigation with the ability to *shutdown* offending devices
- Leverages customers’ existing investment – CSA, NIDS, IPS, IOS, CATOS
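What “correlate several feeds, create an incident, verify the alert” means in practice, as an added Python example (not MARS code): three constructed feeds (firewall syslog, IDS alerts, NetFlow) are normalized into one record type, then each IDS alert is checked against what the firewall and the flow data say happened to the same source, destination and port inside a time window. An alert whose only corroboration is a firewall deny is reported as a system false positive; one backed by an allow or a flow record is confirmed. The line formats, host names and addresses are constructed for the example and are not a real device’s syntax.

```python
"""Multi-source event correlation with positive alert verification (constructed example)."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass
class Event:
    ts: datetime
    source: str   # "syslog", "ids" or "netflow"
    kind: str     # "deny", "allow", "alert" or "flow"
    src_ip: str
    dst_ip: str
    dport: int
    detail: str = ""


# Constructed line formats (not a real device's syntax).
SYSLOG_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>DENY|ALLOW) (?P<proto>\w+) "
                       r"(?P<sip>[\d.]+):\d+ -> (?P<dip>[\d.]+):(?P<dport>\d+)$")
IDS_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) ALERT sig=(?P<sig>\S+) src=(?P<sip>[\d.]+) "
                    r"dst=(?P<dip>[\d.]+) dport=(?P<dport>\d+)$")
FLOW_RE = re.compile(r"^(?P<ts>\S+) (?P<sip>[\d.]+) (?P<dip>[\d.]+) (?P<dport>\d+) (?P<proto>\w+) "
                     r"bytes=(?P<bytes>\d+) packets=(?P<pkts>\d+)$")


def parse_line(line: str) -> Optional[Event]:
    """Normalize one raw line from any of the three feeds; None if unrecognized."""
    m = SYSLOG_RE.match(line)
    if m:
        return Event(datetime.fromisoformat(m["ts"]), "syslog", m["action"].lower(),
                     m["sip"], m["dip"], int(m["dport"]), m["host"])
    m = IDS_RE.match(line)
    if m:
        return Event(datetime.fromisoformat(m["ts"]), "ids", "alert",
                     m["sip"], m["dip"], int(m["dport"]), m["sig"])
    m = FLOW_RE.match(line)
    if m:
        return Event(datetime.fromisoformat(m["ts"]), "netflow", "flow",
                     m["sip"], m["dip"], int(m["dport"]), f"bytes={m['bytes']}")
    return None


def normalize(lines) -> List[Event]:
    return [e for e in (parse_line(line) for line in lines) if e is not None]


def verify_alert(alert: Event, events: List[Event], window: timedelta) -> dict:
    """Decide whether an IDS alert describes traffic that actually reached the target."""
    related = [e for e in events
               if e is not alert and e.src_ip == alert.src_ip and e.dst_ip == alert.dst_ip
               and e.dport == alert.dport
               and abs((e.ts - alert.ts).total_seconds()) <= window.total_seconds()]
    kinds = {e.kind for e in related}
    if "flow" in kinds or "allow" in kinds:
        verdict = "confirmed"      # firewall let it through and/or flow data shows the session
    elif "deny" in kinds:
        verdict = "blocked"        # a system false positive: the firewall stopped it
    else:
        verdict = "unverified"     # no corroborating data inside the window
    return {"src": alert.src_ip, "dst": alert.dst_ip, "dport": alert.dport,
            "signature": alert.detail, "verdict": verdict,
            "evidence": sorted(f"{e.source}:{e.kind}" for e in related)}


def correlate(events: List[Event], window: timedelta = timedelta(seconds=60)) -> List[dict]:
    """Build one incident per IDS alert, enriched with the verification verdict."""
    return [verify_alert(e, events, window) for e in events if e.source == "ids"]


# Constructed sample feeds: one blocked attempt, one that got through, one with no context.
SAMPLE_LINES = [
    "2004-06-01T10:00:02 fw1 DENY tcp 10.9.9.9:4444 -> 192.168.1.20:445",
    "2004-06-01T10:00:03 ids1 ALERT sig=smb-exploit-attempt src=10.9.9.9 dst=192.168.1.20 dport=445",
    "2004-06-01T10:00:05 fw1 ALLOW tcp 10.9.9.9:4445 -> 192.168.1.20:80",
    "2004-06-01T10:00:06 ids1 ALERT sig=web-dir-traversal src=10.9.9.9 dst=192.168.1.20 dport=80",
    "2004-06-01T10:00:06 10.9.9.9 192.168.1.20 80 tcp bytes=51200 packets=40",
    "2004-06-01T11:30:00 ids1 ALERT sig=web-dir-traversal src=10.9.9.10 dst=192.168.1.21 dport=80",
    "this line is not in any known format",
]

if __name__ == "__main__":
    for incident in correlate(normalize(SAMPLE_LINES)):
        print(incident)
```

The “evidence” list is what an analyst would want on the incident page: it records which sources agreed, so a “confirmed” verdict can be traced back to the allow entry and the flow rather than taken on trust.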

35 Self-Defending Network Strategy
Cisco Strategy to Dramatically Improve the Network’s Ability to Identify, Prevent, and Adapt to Threats
Pillars: SECURITY TECHNOLOGY INNOVATION; SYSTEM-LEVEL SOLUTIONS; INTEGRATED SECURITY
Elements: Trust and Identity, Threat Defense, Secure Connectivity, Endpoint Security, SSL VPN, Network Anomaly Detection, Application Firewall, Endpoints + Networks + Policies, Services, Partnerships

36 Cisco Security Agent
Next-generation security solution provides threat protection for servers and desktops
- Identifies and prevents malicious behavior before it occurs
- Unique behavior analysis addresses known and unknown threats
- Protects against: port scans, buffer overflows, Trojan horses, malformed packets, malicious HTML requests, worms, “day-zero” attacks and more…
CSA

37 Cisco Security Agent Behavioral Protection for Endpoints

The five phases of an attack shown on the slide (the 5 Ps):
1. Probe: ping addresses, scan ports, guess passwords, guess mail users
2. Penetrate: mail attachments, buffer overflows, ActiveX controls, network installs, compressed messages, backdoors
3. Persist: create new files, modify existing files, weaken registry security settings, install new services, register trap doors
4. Propagate: mail copy of attack, web connection, IRC, FTP, infect file shares
5. Paralyze: delete files, modify files, drill security hole, crash computer, denial of service, steal secrets
Phases 1–2 (Probe, Penetrate): rapidly mutating, need continual signature updates, inaccurate.
Phases 3–5 (Persist, Propagate, Paralyze): most damaging, change very slowly – the inspiration for the Cisco® Security Agent solution.

Here is how it works: 5 steps of an attack – 5 Ps. Historically all of our security tools for endpoints have been focused on Probing and Penetration – guessing passwords. The problem is that these vulnerabilities are ever changing. So what we have done is look at behaviors – we don’t focus on the attack, we enforce policy at the endpoint.

The malicious activity attempted after an attack reaches a target has not changed much, if at all, since the Morris Worm of
All threats and attacks will follow the same logical progression:
- Vulnerable targets are identified in the Probe phase. The goal of this phase is to find computers that can be subverted.
- Exploit code is transferred to the vulnerable target in the Penetrate phase. The goal of this phase is to get the target executing the exploit code via some attack vector like a buffer overflow.
- Once an exploit has been successful, the exploit code tries to make itself persistent on the target. The goal of the Persist phase is to ensure that the attacker’s code will be running and available to the attacker even if the system reboots.
- Now that an attacker has a beachhead in the organization, it is time to extend this to other targets. The Propagate phase looks for vulnerable neighboring machines that the exploit code can spread to.
- Only in the Paralyze phase is actual damage done. Files are erased, systems are crashed, Distributed Denial of Service attacks are launched.

There is a major dividing line between the Penetrate and the Persist stages. The first two stages are highly subject to mutation (the footprint of the attack is continually changing). They are also highly subject to being hidden from defenses via “evasion techniques” like Unicode encoding of web strings or overlapping packet fragments. Since attack identification at the Penetrate stage involves a certain amount of interpretation (guessing how the target computer will handle the network packet), it tends to be a large generator of false alarms.

The last three stages, in contrast, are highly stable over time. There is a limited number of malicious activities that an attacker can do – modify the operating system, add a new user account, open up an outgoing network connection, delete files. This list has remained remarkably stable over long time periods; the Morris Worm of 1988 did the same types of damage as the NIMDA Worm of
Also, because modification of operating system binaries is highly remarkable and unusual, it is much easier to identify attacks accurately at these stages.

In short, if you try to identify attacks at the early stages of the 5 Ps, each attack will look different, and you will be caught in the “update race”. If you look for attacks in the final three stages of the 5 Ps, everything will look a lot like what we’ve seen for the last 15 years. The only hope of having true proactive security is by focusing on the back end.
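The “enforce policy at the endpoint, on the back end of the 5 Ps” approach the notes argue for, as an added Python example (not CSA code): the rules below name no signatures at all; they describe the small, stable set of things code must do to persist (write into OS binary locations, register a service or autostart entry, add an account) and flag them unless the acting process is on an explicit allow list, escalating when the same process had just received network input. Process names, paths, the allow list and the trace are constructed for the example.

```python
"""Behavior-based endpoint policy for the stable back end of the 5 Ps (constructed example)."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Action:
    process: str   # image name of the acting process
    op: str        # file_write | service_create | autostart_set | user_add | net_connect
    target: str    # path, service/account name, registry value, or host:port


# Locations whose modification is "highly remarkable and unusual" for ordinary software.
SYSTEM_DIRS = ("C:\\Windows\\System32\\", "/usr/bin/", "/usr/sbin/", "/lib/")
# Processes allowed to perform persist-stage operations (constructed allow list).
POLICY = {
    "system_write": {"trusted_updater.exe", "pkg_manager"},
    "service_or_autostart": {"trusted_updater.exe", "pkg_manager", "services_console.exe"},
    "user_add": {"admin_console.exe"},
}


def rule_hits(action: Action, policy: Dict[str, set] = POLICY) -> List[str]:
    """Return the names of the persist-stage rules one action violates."""
    hits = []
    if action.op == "file_write" and action.target.startswith(SYSTEM_DIRS) \
            and action.process not in policy["system_write"]:
        hits.append("persist:modify_system_binaries")
    if action.op in ("service_create", "autostart_set") \
            and action.process not in policy["service_or_autostart"]:
        hits.append("persist:register_startup")
    if action.op == "user_add" and action.process not in policy["user_add"]:
        hits.append("persist:new_account")
    return hits


def evaluate(actions: Iterable[Action]) -> Dict[str, List[Tuple[str, str]]]:
    """Collect violations per process: {process: [(rule, target), ...]}."""
    findings: Dict[str, List[Tuple[str, str]]] = {}
    # Processes that took network input; a later persist action by the same
    # process is the Penetrate-to-Persist transition the notes describe.
    saw_network: set = set()
    for a in actions:
        if a.op == "net_connect":
            saw_network.add(a.process)
            continue
        for rule in rule_hits(a):
            if a.process in saw_network:
                rule += " (after network input)"
            findings.setdefault(a.process, []).append((rule, a.target))
    return findings


def decide(actions: Iterable[Action]) -> Dict[str, str]:
    """Map each process seen to "block" if it violated any rule, else "allow"."""
    actions = list(actions)
    findings = evaluate(actions)
    return {p: ("block" if p in findings else "allow") for p in {a.process for a in actions}}


# Constructed trace: a document viewer that was handed content over the network and
# then tries to persist; a legitimate updater doing the same system write is allowed.
SAMPLE_TRACE = [
    Action("docviewer.exe", "net_connect", "203.0.113.5:80"),
    Action("docviewer.exe", "file_write", "C:\\Windows\\System32\\helper.exe"),
    Action("docviewer.exe", "autostart_set",
           "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\helper"),
    Action("docviewer.exe", "user_add", "support_tmp"),
    Action("trusted_updater.exe", "file_write", "C:\\Windows\\System32\\netapi.dll"),
    Action("wordproc.exe", "file_write", "C:\\Users\\alice\\Documents\\memo.doc"),
]

if __name__ == "__main__":
    report = evaluate(SAMPLE_TRACE)
    for proc, verdict in decide(SAMPLE_TRACE).items():
        print(proc, verdict, report.get(proc, []))
```

The point of the allow list is that it is short and changes rarely, which is exactly the property the notes claim for the last three stages: the updater is permitted once, while any other process doing the same things is blocked regardless of how it got there.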

38 Why Cisco for Security?
- Cisco is uniquely positioned to execute, design and deliver the Self-Defending Network
- Largest suite of offerings, with security capabilities embedded in all of our networking products
- Unique endpoint protection for desktops and critical servers with CSA, and intelligent management of the endpoints with NAC
- Cisco’s long-term strategy is to deliver automated prevention and remediation mechanisms throughout the network

39 Security Now a Baseline Architecture for All Cisco Technologies
Switching, Routing, IP Telephony, Storage Networking, Networked Home, Wireless LAN
I want to thank you for your time. Enjoy the conference, and we look forward to becoming your trusted advisor as you build your own self-defending network…

40 “The frustrating reality of the security guy is that when everything runs perfectly…nobody notices…which is exactly what should happen.” Robb Boyd, CISSP, Cisco Systems

