The network as a security sensor
1. Enterprise Networks Security
Leverage the Network to Protect Against and Mitigate Threats
Fernando Lucato / Heitor Silva
Business Development – Enterprise Networks LATAM
2. Agenda
• Industry trends and business drivers
• Enterprise Networks priorities and focus areas
• Securing Enterprise Networks
• Products within the solution
• Use cases
• Demo
• Q&A
4. Digitization disrupting well established businesses
The digital businesses are disrupting the market
Bookstore, Taxi, Music, Newspaper, Point-of-Sale
852% Revenue Growth 2005 to 2013
200 Cities, 45 Countries
40 Million Subscribers
$30B Forecasted Transactions in 2014
31% of WW Digital Ad Revenue
5. Video traffic growth (Latin America)
By 2019, IP Video will represent 82% of traffic
[Chart: Exabytes per Month, 2014–2019; 25% CAGR 2014–2019]
Gaming (0.03%, 0.05%)
File Sharing (16.0%, 5.2%)
Web/Data (23.2%, 13.2%)
IP VoD (6.0%, 10.3%)
Internet Video (54.8%, 71.2%)
* Figures (n) refer to 2014, 2019 traffic shares
Source: Cisco VNI Global IP Traffic Forecast, 2014–2019
6. Video definition increment
By 2019, more than 31% of the connected TVs will be 4K
SD: 2 Mbps
HD: 7.2 Mbps
UHD: 18 Mbps
[Chart: Connected 4K TVs (M), 2014 to 2019: 10, 33, 77, 146, 245, 371]
Source: Cisco VNI Global IP Traffic Forecast, 2014–2019
7. And speed is an obsession for network users…
10 Mbps: 68% of all broadband access by 2019
Online Video: HD movie download 22 minutes; UHD movie download 2 hours
25 Mbps: 33% of all broadband access by 2019
Online Video: HD movie download 9 minutes; UHD movie download 48 minutes
100 Mbps: 7% of all broadband access by 2019
Online Video: HD movie download 2 minutes; UHD movie download 12 minutes
12. New Networks Mean New Security Challenges
Changing Business Models | Dynamic Threat Landscape | Complexity and Fragmentation
Expanded Enterprise Attack Surface
ENTERPRISE MOBILITY: Organizations lack visibility into which and how many devices are on their Network
CLOUD: Services are moving to the Cloud at a faster rate than IT can keep up
INTERNET OF THINGS: Over 50 billion connected “smart objects” by 2020.
ACQUISITIONS AND PARTNERSHIPS: Acquisitions, joint ventures, and partnerships are increasing in regularity.
It’s Not “IF” You Will Be Breached…It’s “WHEN.”
13. Network Threats Are Getting Smarter
Timeline: 1990, 1995, 2000, 2005, 2010, 2015, 2020
Viruses: 1990–2000
Worms: 2000–2005
Spyware and Rootkits: 2005–Today
APTs, Cyberware: Today +
Phishing, Low Sophistication | Hacking Becomes an Industry | Sophisticated Attacks, Complex Landscape
Criminals Know More About Your Network Than You Do
Custom Malware Remains Dormant for Months to Learn Vulnerabilities in the Network and then Attack those Vulnerabilities.
16. Cisco’s Threat-Centric Approach to Security
BEFORE | DURING | AFTER
Network as a Sensor: Flexible NetFlow, Lancope StealthWatch, ISE
Network as an Enforcer: Flexible NetFlow, Lancope StealthWatch, Cisco TrustSec, ISE
17. Cisco Network as a Sensor (NaaS)
Detect Anomalous Traffic Flows, Malware
Identify User Access Policy Violations
Obtain Broad Visibility into All Network Traffic
18. Cisco Network as an Enforcer (NaaE)
Implement Access Controls to Secure Resources
Contain the Scope of an Attack on the Network
Quarantine Threats, Reduce Time-to-Remediation
19. Deeper Visibility and Greater Defense against Network Threats
Network as a Sensor (NaaS)
Ø Cisco Networking Portfolio
Ø Cisco NetFlow
Ø Lancope StealthWatch
Ø Cisco Identity Services Engine (ISE)
Network as an Enforcer (NaaE)
Ø Cisco Networking Portfolio
Ø Cisco NetFlow
Ø Lancope StealthWatch
Ø Cisco Identity Services Engine (ISE)
Ø Cisco TrustSec Software-Defined Segmentation
20. NetFlow for Dynamic Network Awareness
Understand Network Behavior and Establish a Network’s Normal
Network Flows Highlight Attack Signatures
A Powerful Information Source for Every Network Conversation
• Each and Every Network Conversation over an Extended Period of Time
• Source and Destination IP Address, IP Ports, Time, Data Transferred, and More
• Stored for Future Analysis
A Critical Tool to Identify a Security Breach
• Identify Anomalous Activity
• Reconstruct the Sequence of Events
• Forensic Evidence and Regulatory Compliance
• NetFlow for Full Details, NetFlow-Lite for 1/n Samples
21. Lancope StealthWatch System
Network Reconnaissance Using Dynamic NetFlow Analysis
Monitor
Ø Understand your network normal
Ø Gain real-time situational awareness of all traffic
Detect
Ø Leverage Network Behavior Anomaly detection & analytics
Ø Detect behaviors linked to APTs, insider threats, DDoS, and malware
Analyze
Ø Collect & Analyze holistic network audit trails
Ø Achieve faster root cause analysis to conduct thorough forensic investigations
Respond
Ø Accelerate network troubleshooting & threat mitigation
Ø Respond quickly to threats by taking action to quarantine through Cisco ISE
22. Cisco Identity Services Engine (ISE)
Adding Visibility and Context to NetFlow
INTEGRATED PARTNER CONTEXT
NETWORK / USER CONTEXT: Who, What, Where, When, How
SEND CONTEXTUAL DATA COLLECTED FROM USERS, DEVICES, AND NETWORKS TO LANCOPE FOR ADVANCED INSIGHTS AND NETFLOW ANALYTICS
23. What Can Cisco NaaS and NaaE Offer You?
Consistent Control: Consistent Policies Across the Network and Data Center
Complexity Reduction: Fits and Adapts to Changing Business Models
Unmatched Visibility: Global Intelligence With the Right Context
Advanced Threat Protection: Detects and Stops Advanced Threats
24. Network as a Sensor/Network as an Enforcer Use Cases
25. Customer Case Study - Network as a Sensor
Industry: Retail
Company: Large Known Global Retailer
Existing Environment:
• Large Cisco Switch & Router Footprint
• ASA & ISE
Customer Challenges:
• Limited visibility & intelligence across their highly-distributed retail footprint
• Lack of ability to correlate numerous data sets
Results:
• After deploying Cisco NetFlow, Lancope StealthWatch and Cisco ISE
• Gains Retail Point-of-Presence Visibility
• Deeper Understanding into Network Application Usage
26. Customer Case Study - Network as an Enforcer
Industry: Banking
Company: Large Known Global Bank
Existing Environment:
• Large Cisco Switch & Router Footprint
Customer Challenges:
• Visibility into the network and rogue devices
• Policy enforcement of user to data center policies
• Meeting compliance audits
Results:
• After deploying Lancope StealthWatch, Cisco ISE and Cisco TrustSec
• Gain Deep Visibility into Network Access and Devices
• Segment Network Access and Assets using Business Role Based Policies
• Accelerated time to Compliance Audits
28. Behavioral Analysis & Anomaly Detection
Behavioral Analysis
• Leverages knowledge of known bad behaviour
Anomaly Detection
• Identify a change from “normal”
29. Solution Architecture
StealthWatch Management Console
UDP Director
FlowCollector
NetFlow, syslog, SNMP
NetFlow enabled infrastructure
FlowSensor
VMware ESX with FlowSensor VE
User and Device Information
StealthWatch IDentity
Cisco ISE
Feeds of emerging threat information
Unified View: Security and Network Monitoring
30. NaaS: Powered by StealthWatch
Denial of Service: SYN Half Open; ICMP/UDP/Port Flood
Worm Propagation: Worm Infected Host Scans and Connects to the Same Port Across Multiple Subnets, Other Hosts Imitate the Same Above Behavior
Fragmentation Attack: Host Sending Abnormal # Malformed Fragments.
Botnet Detection: When Inside Host Talks to Outside C&C Server for an Extended Period of Time
Host Reputation Change: Inside Host Potentially Compromised or Received Abnormal Scans or Other Malicious Attacks
Network Scanning: TCP, UDP, Port Scanning Across Multiple Hosts
Data Exfiltration: Large Outbound File Transfer VS. Baseline
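Two of the flow-based detections named on this slide, the same port reached across multiple subnets and a large outbound transfer versus baseline, sketched over constructed flow records. This is an added example, not StealthWatch's own logic or code from the presentation; the record layout, thresholds, address ranges and sample flows are all assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")   # assumed internal address space
# Assumed per-host outbound baseline in bytes (constructed values).
SAMPLE_BASELINE = {"10.1.1.60": 5_000_000, "10.1.1.70": 20_000_000}

def make_sample_flows():
    """Constructed flow records: (src, dst, dst_port, bytes)."""
    # 10.1.1.50 connects to TCP/445 in six different /24s (worm-like fan-out).
    flows = [("10.1.1.50", f"10.2.{n}.10", 445, 120) for n in range(1, 7)]
    # 10.1.1.60 is an ordinary client.
    flows += [("10.1.1.60", "10.2.1.10", 443, 5_000),
              ("10.1.1.60", "10.2.1.10", 80, 3_000),
              ("10.1.1.60", "203.0.113.9", 443, 2_000_000)]
    # 10.1.1.70 sends 900 MB to an external (documentation-range) address.
    flows.append(("10.1.1.70", "203.0.113.9", 443, 900_000_000))
    return flows

def same_port_fanout(flows, min_subnets=5):
    """Sources that reach the same destination port in >= min_subnets /24s."""
    seen = defaultdict(set)               # (src, port) -> destination /24s
    for src, dst, port, _ in flows:
        seen[(src, port)].add(ip_network(f"{dst}/24", strict=False))
    return sorted((src, port, len(nets))
                  for (src, port), nets in seen.items()
                  if len(nets) >= min_subnets)

def outbound_over_baseline(flows, baseline, factor=10, default=50_000_000):
    """Internal hosts whose bytes to external hosts exceed factor x baseline."""
    sent = defaultdict(int)
    for src, dst, _, nbytes in flows:
        if ip_address(src) in INTERNAL and ip_address(dst) not in INTERNAL:
            sent[src] += nbytes
    return sorted(host for host, total in sent.items()
                  if total > factor * baseline.get(host, default))

if __name__ == "__main__":
    flows = make_sample_flows()
    print("same-port fan-out:", same_port_fanout(flows))
    print("outbound over baseline:", outbound_over_baseline(flows, SAMPLE_BASELINE))
```

Hosts with no recorded baseline fall back to the `default` value, so a first-seen host is not flagged on its first small upload.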
31. NaaE: Segmentation via TrustSec
Policy Defined Role-Based Segmentation
Desired Policy
• Who can talk to whom
• Who can access protected assets
• How systems can talk to other systems
Flexible and Scalable Policy Enforcement: Switch, Router, DC FW, DC Switch
Simplified Access Management
Accelerated Security Operations
Consistent Policy Anywhere
32. StealthWatch Capabilities Summary
Visibility
• Context-aware visibility into network, application and user activity
• BYOD
• Cloud monitoring
• IPv6
• East-West Traffic monitoring
• Network segmentation
Threat Detection
• Advanced Persistent Threats
• Botnet (CnC) Detection
• Data Exfiltration
• Network Reconnaissance
• Insider Threat
• DDoS
• Malware
• Network Behavior Anomaly Detection
• SLIC threat feed
Incident Response
• In-depth, flow-based forensic analysis of suspicious incidents
• Scalable repository of security information
• Retrace the step-by-step actions of a potential attacker
• On-demand packet capture
Network Diagnostics
• Application Awareness
• Capacity Planning
• Performance Monitoring
• Troubleshooting
User Monitoring
• Cisco ISE
• Monitor privileged access
• Policy enforcement
35. Cisco TrustSec Software-Defined Segmentation
Provide Role-Based Segmentation to Control Access and Contain Threats
Traditional Security Policy | TrustSec Security Policy
Segmentation Policy Enforced Across the Extended Network: Switch, Router, VPN & Firewall, DC Switch, Wireless Controller
Simplifies Firewall Rule, ACL, VLAN Management
Prevents Lateral Movement of Potential Threats
Eliminates Costly Network Re-architecture
36. Segmentation is a Powerful Security Tool
“Network segmentation… is one of the most effective
controls an agency can implement to mitigate the second
stage of a network intrusion, propagation or lateral
movement”
“Good network and role segmentation will do wonders for
containing an incident.”
“Effective network segmentation… reduces the extent to
which an adversary can move across the network”
“Segregate networks, limit allowed protocols usage and limit
users’ excessive privileges.”
2014 DATA BREACH INVESTIGATIONS REPORT
The Untold Story of the Target Attack Step by Step, Aorato Labs, August 2014
37. Bringing It All Together
Architecting Network as a Sensor and Network as an Enforcer
Network Sensor (Lancope)
NGFW
Campus/DC Switches/WLC
Cisco Routers / 3rd Vendor Devices
Threat
NGIPS
API
API (pxGrid)
ISE
Network Sensors | Network Enforcers
Policy & Context Sharing
TrustSec Security Group Tag
Cisco Collective Security Intelligence
Confidential Data