The network as a security sensor

264 views

Presentation given by a Cisco professional at Security Week

Published in: Technology

  1. Enterprise Networks Security: Leverage the Network to Protect Against and Mitigate Threats. Fernando Lucato / Heitor Silva, Business Development – Enterprise Networks LATAM
  2. Agenda
     • Industry trends and business drivers
     • Enterprise Networks priorities and focus areas
     • Securing Enterprise Networks
     • Products within the solution
     • Use cases
     • Demo
     • Q&A
  3. Industry trends and business drivers
  4. Digitization disrupting well-established businesses: the digital businesses are disrupting the market. Sectors illustrated: bookstore, taxi, music, newspaper, point-of-sale. Figures shown on the slide: 852% revenue growth, 2005 to 2013; 200 cities, 45 countries; 40 million subscribers; $30B forecasted transactions in 2014; 31% of worldwide digital ad revenue.
  5. Video traffic growth (Latin America): by 2019, IP Video will represent 82% of traffic (25% CAGR 2014–2019). Chart: exabytes per month, 2014–2019, by category, with 2014 and 2019 traffic shares in parentheses:
     • Internet Video (54.8%, 71.2%)
     • Web/Data (23.2%, 13.2%)
     • File Sharing (16.0%, 5.2%)
     • IP VoD (6.0%, 10.3%)
     • Gaming (0.03%, 0.05%)
     Source: Cisco VNI Global IP Traffic Forecast, 2014–2019
  6. Video definition increment: by 2019, more than 31% of the connected TVs will be 4K. Bandwidth per stream: SD 2 Mbps, HD 7.2 Mbps, UHD 18 Mbps. Chart: connected 4K TVs (millions), 2014 to 2019: 10, 33, 77, 146, 245, 371. Source: Cisco VNI Global IP Traffic Forecast, 2014–2019
  7. And speed is an obsession for network users…
     • 10 Mbps (68% of all broadband access by 2019): online video, HD movie download 22 minutes, UHD movie download 2 hours
     • 25 Mbps (33% of all broadband access by 2019): HD movie download 9 minutes, UHD movie download 48 minutes
     • 100 Mbps (7% of all broadband access by 2019): HD movie download 2 minutes, UHD movie download 12 minutes
  8. Enterprise Networks priorities and focus areas
  9. Enterprise Networks focus areas: wireless as a primary connectivity; digitization story; Intelligent WAN; cloud and new consumption models; security everywhere
  10. Driving business outcomes approach. Foundational architectures: Network Security, Unified Access, Intelligent WAN, ACI – policy-based automation. Business outcomes: IT Transformation, Security & Compliance, Customer Experience, Workforce Experience
  11. Securing Enterprise Networks
  12. New Networks Mean New Security Challenges: changing business models, dynamic threat landscape, complexity and fragmentation. Expanded enterprise attack surface:
     • Enterprise mobility: organizations lack visibility into which and how many devices are on their network
     • Cloud: services are moving to the cloud at a faster rate than IT can keep up
     • Internet of Things: over 50 billion connected “smart objects” by 2020
     • Acquisitions and partnerships: acquisitions, joint ventures, and partnerships are increasing in regularity
     It’s not “IF” you will be breached… it’s “WHEN.”
  13. Network Threats Are Getting Smarter. Timeline 1990–2020: Viruses (1990–2000); Worms (2000–2005); Spyware and Rootkits (2005–today); APTs, Cyberware (today+). Phases: phishing, low sophistication; hacking becomes an industry; sophisticated attacks, complex landscape. Criminals know more about your network than you do: custom malware remains dormant for months to learn vulnerabilities in the network and then attack those vulnerabilities.
  14. You Can’t Defend Against What You Can’t See. (Cisco Confidential. © 2013-2014 Cisco and/or its affiliates. All rights reserved.)
  15. Solution Overview
  16. Cisco’s Threat-Centric Approach to Security: Before, During, After.
     • Network as a Sensor: Flexible NetFlow, Lancope StealthWatch, ISE
     • Network as an Enforcer: Flexible NetFlow, Lancope StealthWatch, Cisco TrustSec, ISE
  17. Cisco Network as a Sensor (NaaS): detect anomalous traffic flows and malware; identify user access policy violations; obtain broad visibility into all network traffic
  18. Cisco Network as an Enforcer (NaaE): implement access controls to secure resources; contain the scope of an attack on the network; quarantine threats, reduce time-to-remediation
  19. Deeper Visibility and Greater Defense against Network Threats.
     • Network as a Sensor (NaaS): Cisco Networking Portfolio, Cisco NetFlow, Lancope StealthWatch, Cisco Identity Services Engine (ISE)
     • Network as an Enforcer (NaaE): Cisco Networking Portfolio, Cisco NetFlow, Lancope StealthWatch, Cisco Identity Services Engine (ISE), Cisco TrustSec Software-Defined Segmentation
  20. NetFlow for Dynamic Network Awareness: understand network behavior and establish a network’s normal. Network flows highlight attack signatures.
     • A powerful information source for every network conversation: each and every network conversation over an extended period of time; source and destination IP address, IP ports, time, data transferred, and more; stored for future analysis
     • A critical tool to identify a security breach: identify anomalous activity; reconstruct the sequence of events; forensic evidence and regulatory compliance
     • NetFlow for full details, NetFlow-Lite for 1/n samples
  21. Lancope StealthWatch System: Network Reconnaissance Using Dynamic NetFlow Analysis.
     • Monitor: understand your network normal; gain real-time situational awareness of all traffic
     • Detect: leverage Network Behavior Anomaly detection & analytics; detect behaviors linked to APTs, insider threats, DDoS, and malware
     • Analyze: collect & analyze holistic network audit trails; achieve faster root cause analysis to conduct thorough forensic investigations
     • Respond: accelerate network troubleshooting & threat mitigation; respond quickly to threats by taking action to quarantine through Cisco ISE
  22. Cisco Identity Services Engine (ISE): Adding Visibility and Context to NetFlow. Network/user context (who, what, where, when, how) plus integrated partner context. Send contextual data collected from users, devices, and networks to Lancope for advanced insights and NetFlow analytics.
  23. What Can Cisco NaaS and NaaE Offer You?
     • Unmatched Visibility: global intelligence with the right context
     • Advanced Threat Protection: detects and stops advanced threats
     • Consistent Control: consistent policies across the network and data center
     • Complexity Reduction: fits and adapts to changing business models
  24. Network as a Sensor / Network as an Enforcer: Use Cases
  25. Customer Case Study – Network as a Sensor. Industry: Retail. Company: large known global retailer.
     • Existing environment: large Cisco switch & router footprint; ASA & ISE
     • Customer challenges: limited visibility & intelligence across their highly distributed retail footprint; lack of ability to correlate numerous data sets
     • Results (after deploying Cisco NetFlow, Lancope StealthWatch and Cisco ISE): gains retail point-of-presence visibility; deeper understanding of network application usage
  26. Customer Case Study – Network as an Enforcer. Industry: Banking. Company: large known global bank.
     • Existing environment: large Cisco switch & router footprint
     • Customer challenges: visibility into the network and rogue devices; policy enforcement of user-to-data-center policies; meeting compliance audits
     • Results (after deploying Lancope StealthWatch, Cisco ISE and Cisco TrustSec): gain deep visibility into network access and devices; segment network access and assets using business-role-based policies; accelerated time to compliance audits
  27. Solution description and demo
  28. Behavioral Analysis & Anomaly Detection.
     • Behavioral analysis: leverages knowledge of known bad behaviour
     • Anomaly detection: identifies a change from “normal”
  29. Solution Architecture: unified view of security and network monitoring. Components: StealthWatch Management Console; UDP Director; FlowCollector (receives NetFlow, syslog and SNMP from the NetFlow-enabled infrastructure); FlowSensor; VMware ESX with FlowSensor VE; StealthWatch IDentity with Cisco ISE (user and device information); feeds of emerging threat information.
  30. NaaS: Powered by StealthWatch. Detections:
     • Denial of Service: SYN half open; ICMP/UDP/port flood
     • Worm Propagation: worm-infected host scans and connects to the same port across multiple subnets; other hosts imitate the same behavior
     • Fragmentation Attack: host sending an abnormal number of malformed fragments
     • Botnet Detection: an inside host talks to an outside C&C server for an extended period of time
     • Host Reputation Change: inside host potentially compromised or received abnormal scans or other malicious attacks
     • Network Scanning: TCP, UDP, port scanning across multiple hosts
     • Data Exfiltration: large outbound file transfer vs. baseline
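As an added example (not from the deck, and not Cisco or Lancope code), the two detection styles slide 28 contrasts and two of the behaviors slide 30 lists, written as a small Python analysis over constructed NetFlow-style records: a behavioural rule for network scanning (a known-bad pattern needing no baseline) and an anomaly rule for data exfiltration (outbound volume compared with each host's own history). The record layout, the 10/8 "inside" prefix, the thresholds and all addresses are assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed NetFlow-style records (not real traffic): (src, dst, dst_port, bytes)
FLOWS = [
    ("10.1.1.5", "203.0.113.7", 443, 900_000_000),  # hypothetical: huge outbound transfer
    ("10.1.1.6", "203.0.113.7", 443, 5_000_000),    # hypothetical: normal outbound volume
    ("10.1.1.5", "10.1.2.10", 445, 120_000),         # internal file share, not outbound
] + [("10.1.1.9", "10.1.2.20", p, 60) for p in range(20, 32)]  # 12 ports on one host: scan

# Constructed per-host history of outbound bytes per window (the "network's normal"
# a flow collector would build up over time)
BASELINE = {
    "10.1.1.5": [5_000_000, 6_000_000, 5_500_000, 4_500_000],
    "10.1.1.6": [5_000_000, 4_800_000, 5_200_000, 5_000_000],
}

INTERNAL_PREFIX = "10."  # assumption: 10/8 is "inside" in this toy network


def detect_scanners(flows, min_targets=10):
    """Behavioural rule (known-bad pattern, no baseline needed): one source
    touching many distinct (host, port) pairs in a window, as port scanning does."""
    targets = defaultdict(set)
    for src, dst, port, _ in flows:
        targets[src].add((dst, port))
    return sorted(src for src, t in targets.items() if len(t) >= min_targets)


def detect_exfiltration(flows, baseline, k=3.0):
    """Anomaly rule: a host's outbound bytes in this window compared with its own
    history; flag when above mean + k standard deviations of that history."""
    outbound = defaultdict(int)
    for src, dst, _, nbytes in flows:
        if not dst.startswith(INTERNAL_PREFIX):  # only inside -> outside counts
            outbound[src] += nbytes
    flagged = []
    for host, total in outbound.items():
        history = baseline.get(host, [])
        if len(history) >= 2 and total > mean(history) + k * pstdev(history):
            flagged.append(host)
    return sorted(flagged)


if __name__ == "__main__":
    print("scanners:", detect_scanners(FLOWS))                      # ['10.1.1.9']
    print("exfiltration:", detect_exfiltration(FLOWS, BASELINE))   # ['10.1.1.5']
```

A host with no history is never flagged by the anomaly rule, which is why the deck pairs it with the known-bad rules: a brand-new device has no "normal" yet.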
  31. NaaE: Segmentation via TrustSec. Policy-defined, role-based segmentation with flexible and scalable policy enforcement on switch, router, DC firewall and DC switch. Desired policy: who can talk to whom; who can access protected assets; how systems can talk to other systems. Benefits: simplified access management; accelerated security operations; consistent policy anywhere.
  32. StealthWatch Capabilities Summary
     • Visibility: context-aware visibility into network, application and user activity; BYOD; cloud monitoring; IPv6; east-west traffic monitoring; network segmentation
     • Threat Detection: advanced persistent threats; botnet (CnC) detection; data exfiltration; network reconnaissance; insider threat; DDoS; malware; network behavior anomaly detection; SLIC threat feed
     • Incident Response: in-depth, flow-based forensic analysis of suspicious incidents; scalable repository of security information; retrace the step-by-step actions of a potential attacker; on-demand packet capture
     • Network Diagnostics: application awareness; capacity planning; performance monitoring; troubleshooting
     • User Monitoring: Cisco ISE; monitor privileged access; policy enforcement
  33. Thank you! Fernando Lucato, flucato@cisco.com, +55 11 5508-6348. Heitor Silva, hesilva@cisco.com, +55 11 5508-1506
  34. Cisco TrustSec Software-Defined Segmentation: provide role-based segmentation to control access and contain threats (traditional security policy vs. TrustSec security policy). Segmentation policy enforced across the extended network: switch, router, VPN & firewall, DC switch, wireless controller. Simplifies firewall rule, ACL and VLAN management; prevents lateral movement of potential threats; eliminates costly network re-architecture.
  35. Segmentation is a Powerful Security Tool
     • “Network segmentation… is one of the most effective controls an agency can implement to mitigate the second stage of a network intrusion, propagation or lateral movement”
     • “Good network and role segmentation will do wonders for containing an incident.”
     • “Effective network segmentation… reduces the extent to which an adversary can move across the network”
     • “Segregate networks, limit allowed protocols usage and limit users’ excessive privileges.”
     Sources cited on the slide: 2014 Data Breach Investigations Report; The Untold Story of the Target Attack Step by Step, Aorato Labs, August 2014
  36. Bringing It All Together: architecting Network as a Sensor and Network as an Enforcer. Diagram: network sensors (Network Sensor (Lancope), NGFW, NGIPS) and network enforcers (campus/DC switches/WLC, Cisco routers / third-vendor devices) share policy and context with ISE over API (pxGrid); TrustSec Security Group Tags carry the policy; Cisco Collective Security Intelligence feeds the sensors; the threat is kept away from confidential data.