Duwayne Watson, a Cisco specialist from Ingram Micro, showcases various Data Security and Protection solutions such as: AMP, Umbrella, and CloudLock. These solutions can help your business remain compliant with PIPEDA legislation.

1. Cisco Security Solutions
DuwayneWatson
Sr. ChannelAccountSpecialist(Cisco
Collaboration & Security)
17 December 2018

3. The Evolution of RansomwareVariants
PC
Cyborg
2002
GPCoder
2005 2012 2013 2014
TOR
2006
First
commercial
Android phone
2007
QiaoZhaz
20081989 2015 2016
CRYZIP
Redplus
Bitcoin
network launched
Reveton
Ransomlock
Dirty Decrypt
Cryptorbit
Cryptographic Locker
Urausy
Cryptolocker
CryptoDefense
Koler
Kovter
Simplelock
Cokri
CBT-Locker
TorrentLocker
Virlock
CoinVault
Svpeng
TeslaCrypt
Virlock
Lockdroid
Reveton
Tox
Cryptvault
DMALock
Chimera
Hidden Tear
Lockscreen
Teslacrypt 2.0
Cryptowall
SamSam
Locky
Cerber
Radamant
Hydracrypt
Rokku
Jigsaw
Powerware
73V3N
Keranger
Petya
Teslacrypt 3.0
Teslacrypt 4.0
Teslacrypt 4.1
2017
CrySis
Nemucod
Jaff
Spora
Popcorn Time
NotPetya
WannaCry

4. Rapid Growth Of DevicesWith IP
500B
In 2030
50B
In 2020
15B
Devices Today
5

5. Find and contain
problems
fast
Simplified
segmentation and
access control
Protect users
wherever
they work
Stop threats
at the
edge
Security Best Practices
- Scaled for security maturity -
TIME

6. Cisco End-to-End Architecture
Endpoint CloudNetwork
Advanced
malware
NGFW/
NGIPS
Network
analytics
DNS
www
Network
access
Email
security
WebETA
Advanced
malware
DNS
Cloud
access
VPN
Advanced
malware
Email
security
DNS
Web Cloud
access
www
Services
Threat Intelligence -

7. 24  7  365 Operations
100 TB
Of Data Received Daily
1.5 MILLION
Daily Malware Samples
600 BILLION
Daily Email Messages
16 BILLION
Daily Web Requests
MILLIONS
Of Telemetry Agents
4
Global Data Centers
Over 100
Threat Intelligence
Partners
250+
Full Time Threat Intel
Researchers
Global
scanning
30 years building
the world’s networks
Deploy the world's largest email
traffic monitoring network
Industry-leading
Fastest Time to Detection

8. &
Customers
Hundreds of
Thousands Daily Threat
Telemetry
100TB Threat
Researchers
300
Users
Tens of
Millions Threat Analytic
Engines
Hundreds of
GLOBAL
Threats Across
the Internet
LOCAL
Threats Inside
Your Network
Cisco’s global visibility, threat research, and analytics
– unmatched in the market

9. TALOS
Microsoft Android
Virtual
iOS &
MacOSX
CentOS, Red Hat
Linux
AMP on WSA & ESA
AMP on ASA
AMP Private Cloud
AMP on Firepower
AMP on CloudWeb Security
& Hosted Email
CWS/CTA
Threat Grid
(Sandbox)
AMP on ISR
AMP on Meraki
AMP on ISEThreatGrid & Umbrella
AMP via AnyConnect

10. Cisco Umbrella

11. Visibility
InvisibleProtection
Secure Traffic Off the Network

12. Business apps
Salesforce, Office 365,
G Suite, etc.
Branch office
Critical infrastructure
Amazon, Rackspace, Windows
Azure, etc.
Roaming laptops
Workplace
desktops
Business
apps
Critical
infrastructure
InternetThe way we work
has changed

13. Secure Internet Gateway
Cisco
Umbrella
Safe DNS
Web controls
Cloud-delivered firewall CASB
Correlated threat intel

14. Cisco Umbrella
Cloud security platform
Built into the foundation of the internet
Intelligence to see attacks before launched
Visibility and protection everywhere
Enterprise-wide deployment in minutes
Integrations to amplify existing investments
Safe
request
Blocked
request
ANY DEVICE ON
NETWORK
ROAMING
LAPTOP
BRANCH
OFFICES

15. How fast do we resolve DNS requests?
Measured in milliseconds
Source: MSFT Office 365 Researcher,
ThousandEyes Blog Post, May2017
157
130
119
92
78
75
74
50
45
33
0 50 100 150 200
SafeDNS
FreeDNS
DNS.WATCH
Comodo
Level3
OpenNIC
Verisign
Dyn
Umbrella
Google
Overall
75
132
106
39
17
38
43
12
17
25
0 50 100 150
1
2
3
4
5
6
7
8
9
10
North
America
135
41
34
44
32
52
43
31
31
29
0 50 100 150
1
2
3
4
5
6
7
8
9
10
Europe/
EMEA
197
275
268
198
167
119
112
80
59
39
0 100 200 300
1
2
3
4
5
6
7
8
9
10
Asia/
APC
184
225
218
119
110
108
140
73
99
42
0 100 200 300
1
2
3
4
5
6
7
8
9
10
Latin
America
322
195
169
164
171
81
176
165
23
38
0 200 400
1
2
3
4
5
6
7
8
9
10
Africa

16. Visibilityinto apps that exist within
an org’s env.
Understand risksandidentities,who
is using what
WorkflowManagement
App Control (Block a select # of
Apps / List to grow over time)
App Discovery with Umbrella

17. 2
Challenges protecting your Wi-Fi
Guests and
their devices
Need for
content filtering
Limited
resources

18. Pricing and integrations
Designed for simplicity
Pricing per access
point
Protect an unlimited number of
corporate and guest Wi-Fi users
Integrations
Make deployment even easier and
deliver richer insights
Wireless LAN Controllers
All other access points

20. Endpoint Devices Increasingly Difficult to Defend
57%
Mobile Devices
56%
Cloud Data
56%
User Behavior
Most challenging areas to defend:
*Source: Cisco 2018 SecurityCapabilitiesBenchmarkStudy

21. Stop Malware
Using multiple detection and
protection mechanisms

22. Prevent Detect
Reduce
Risk
•Antivirus
•Fileless malware detection
•Cloud lookups (1:1, 1:many)
•Client Indicators of Compromise
•Static analysis
•Sandboxing
•Malicious Activity Protection
•Machine learning
•Device flow correlation
•Cloud Indicators of Compromise
•Vulnerable software
•Low prevalence
•Proxy log analysis
How we…

23. Cisco AMP - Retrospective Security
TrajectoryBehavioral
Indications
of Compromise
Elastic
Search
Continuous Analysis Attack Chain
Weaving

24. Prevent fileless malware
Malware has evolved. We need to protect against more than just files.
Monitor processactivity andguardagainst
attempts to hijacklegitimate applications.

25. Protect against ransomware
Malicious activity protection
• Monitor Process behavior at execution
• Tuned to detect tell-tale ransomware signs
• Quarantine and terminate associated files and
processes
• Log and alert encryption attempt

26. Holistic view of endpoints
Regardless of operating system – from servers to desktop to mobile devices

27. Agentless detection with proxy analysis
Identify anomalous traffic occurring within your network
VoIP
Phones
Printers Security
Cameras
Thermostats

28. Prevent
User endpoint
AMP for Endpoints blocks malicious files
at initial inspection and uses sandbox
to inspect unknown
baddomain.com
Umbrella blocks malicious internet
requests

29. User endpoint
Detect
Umbrella sees and stops C2
callbacks to attacker’s servers
AMP for Endpoints continuously analyzes
all file activity to detect malicious
behavior and retrospectively alert

30. Respond
Security team
Umbrella Investigate provides
current and historical data on
domains, IPs, and file hashes
AMP for Endpoints shows
full history of compromise,
and provides outbreak control and
quarantine capabilities
DOMAINS
IPs
FILE HASHES

32. Your challenges
Malware and
ransomware
Compromised
accounts and
malicious insiders
Gaps in visibility and
coverage
Data breaches and
compliance

33. Cisco Cloudlock
Cloud Access Security Broker (CASB)
Users Data Apps
SaaS

34. Key questions organizations have
ApplicationsDataUsers/Accounts
 Who is doing what in
my cloud applications?
 How do I detect account
compromises?
 Are malicious insiders
extracting information?
 Do I have toxic and
regulated data in the cloud?
 Do I have data that is being
shared inappropriately?
 How do I detect policy
violations?
 How can I monitor app usage
and risk?
 Do I have any 3rd party
connected apps?
 How do I revoke risky apps?

35. Infrastructure
as a Service (IaaS)
Platform
as a Service (PaaS)
SaaS
People People People
Data Data Data
Applications Applications Applications
Runtime Runtime Runtime
Middleware Middleware Middleware
Operating system Operating system Operating system
Virtualnetwork Virtualnetwork Virtualnetwork
Hypervisor Hypervisor Hypervisor
Servers Servers Servers
Storage Storage Storage
Physical network Physical network Physical network
Cloud shared responsibility – SaaS/PaaS/IaaS
CSR responsibilityCustomer responsibility

36. Cisco cloud security
Shared focus, complementary use cases
Visibility and control
Threat protection
Forensics
Data protection
Malware / ransomware
Cloudlock
For ShadowIT and connected cloud
apps (OAuth)
Protect cloud accounts from
compromise and malicious insiders
Analyze audit cloud logs
Assess cloud data risk
and ensure compliance
Prevent cloud-native
(OAuth)attacks
Umbrella
For all internet activity
Stop connections to
malicious internetdestinations
Investigate attacks with
internet-wide visibility
Block C2 callbacks and
prevent data exfiltration
Prevent initial infection
and C2 callbacks

37. Security weaknesses of native cloud service
providers
Single platform
only
Solves fewer
problems
Lack of security expertise
and focus
Upcharge No incident
management
Weak remediation
capabilities
1

38. Here’s an example of why you need cloud user
security
North
America
9:00 AM ET
Login
Africa
10:00 AM ET
Data export Distancefrom theUS
to theCentral African
Republic: 7362 miles
 At a speed of 800 mph,
it would take9.2 hours
to travel between them
In one hour

39. The cloud threat funnel
All user behavior
Threat intelligence
Cyber research
Cloud vulnerability insight
Centralized policies
Community intelligence
Contextual analysis
Anomalies Suspicious activities
True threat
Source: Cloudlock CyberLab
58% abnormal
behavior
31% login
activities
11% admin
actions
113x than average
loginfailure
141x than average
data asset deletion
227x than average
file downloads
Sessionterminated
Email sent
File modified
File downloaded
Document created
Access denied

40. More than 24,000 files per organization publicly
accessible
Data exposure per organization
Accessible by
external collaborators
Accessible publicly
Accessible
organization-wide
2%
10%
12%
24,000 files
publicly accessible per organization
of external sharing done with non-
corporate email addresses70%
Source: Cloudlock CyberLab

41. Cisco Cloudlock addresses organizations’ most
critical cloud security use cases
Discover and Control
User and Entity
Behavior Analytics
Cloud Data Loss
Prevention (DLP)
Apps Firewall
OAuth Discovery and
Control
Shadow IT
Data Exposures
and Leakages
Privacy and
Compliance Violations
Compromised
Accounts
Insider Threats

42. PublicAPIs
Cisco NGFW / Umbrella
Managed
Users
Managed
Devices
Managed
Network
Unmanaged
Users
Unmanaged
Devices
Unmanaged
Network
CASB – API Access (cloud to cloud)

43. Cloudlock provides automated response actions
Detect Alert
(Admin/Users)
Security
Workflows
Response
Actions
API Integrations

44. Cloudlock has over 70 pre-defined policies
PII
 SSN/ID
numbers
 Driver license
numbers
 Passport
numbers
Education
 Inappropriate
content
 Student loan
application
information
 FERPA
compliance
General
 Email address
 IP address
 Passwords/
login
information
PHI
 HIPAA
 Health
identification
numbers
(global)
 Medical
prescriptions
PCI
 Credit card
numbers
 Bank account
numbers
 SWIFT codes

45. Installationin less than
10 minutes
World-class customer
successteam
with access to Cloudlock
CyberLab
Backed by
world-class security
certifications
Cloudlock connect
communitywith
peer insights
The Cloudlock customer advantage

46. Smart Net Total Care
World-class support services
Cisco Technical
Assistance Center (TAC)
Advance hardware
replacement
Operating system
software updates
Online self-help
resources
Smart Capabilities

47. Question and answer Session