Duwayne Watson, a Cisco specialist from Ingram Micro, showcases various Data Security and Protection solutions such as: AMP, Umbrella, and CloudLock. These solutions can help your business remain compliant with PIPEDA legislation.
6. Cisco End-to-End Architecture
[Architecture diagram. Columns: Endpoint, Cloud, Network. Component labels: Advanced malware, NGFW/NGIPS, Network analytics, DNS, Network access, Email security, Web, ETA, Cloud access, VPN. Bottom layers: Services, Threat Intelligence.]
7. 24/7/365 Operations
100 TB of data received daily
1.5 million daily malware samples
600 billion daily email messages
16 billion daily web requests
Millions of telemetry agents
4 global data centers
Over 100 threat intelligence partners
250+ full-time threat intel researchers
Global scanning
30 years building the world's networks
Deploy the world's largest email traffic monitoring network
Industry-leading
Fastest Time to Detection
8. &
Customers: Hundreds of Thousands
Daily Threat Telemetry: 100TB
Threat Researchers: 300
Users: Tens of Millions
Threat Analytic Engines: Hundreds of
GLOBAL: Threats Across the Internet
LOCAL: Threats Inside Your Network
Cisco's global visibility, threat research, and analytics – unmatched in the market
9. TALOS
Microsoft
Android
Virtual
iOS & MacOSX
CentOS, Red Hat Linux
AMP on WSA & ESA
AMP on ASA
AMP Private Cloud
AMP on Firepower
AMP on Cloud Web Security & Hosted Email
CWS/CTA
Threat Grid (Sandbox)
AMP on ISR
AMP on Meraki
AMP on ISE
Threat Grid & Umbrella
AMP via AnyConnect
12. Business apps
Salesforce, Office 365, G Suite, etc.
Branch office
Critical infrastructure: Amazon, Rackspace, Windows Azure, etc.
Roaming laptops
Workplace desktops
Business apps
Critical infrastructure
Internet
The way we work has changed
14. Cisco Umbrella
Cloud security platform
Built into the foundation of the internet
Intelligence to see attacks before they are launched
Visibility and protection everywhere
Enterprise-wide deployment in minutes
Integrations to amplify existing investments
Safe request
Blocked request
ANY DEVICE ON NETWORK
ROAMING LAPTOP
BRANCH OFFICES
16. Visibility into apps that exist within an org's environment
Understand risks and identities, who is using what
Workflow Management
App Control (Block a select # of Apps / List to grow over time)
App Discovery with Umbrella
18. Pricing and integrations
Designed for simplicity
Pricing per access point
Protect an unlimited number of corporate and guest Wi-Fi users
Integrations
Make deployment even easier and deliver richer insights
Wireless LAN Controllers
All other access points
20. Endpoint Devices Increasingly Difficult to Defend
Most challenging areas to defend:
57% Mobile Devices
56% Cloud Data
56% User Behavior
*Source: Cisco 2018 Security Capabilities Benchmark Study
24. Prevent fileless malware
Malware has evolved. We need to protect against more than just files.
Monitor process activity and guard against attempts to hijack legitimate applications.
25. Protect against ransomware
Malicious activity protection
• Monitor process behavior at execution
• Tuned to detect tell-tale ransomware signs
• Quarantine and terminate associated files and processes
• Log and alert on encryption attempts
26. Holistic view of endpoints
Regardless of operating system – from servers to desktop to mobile devices
27. Agentless detection with proxy analysis
Identify anomalous traffic occurring within your network
VoIP Phones
Printers
Security Cameras
Thermostats
28. Prevent
User endpoint
AMP for Endpoints blocks malicious files at initial inspection and uses sandbox to inspect unknown
baddomain.com
Umbrella blocks malicious internet requests
29. User endpoint
Detect
Umbrella sees and stops C2 callbacks to attacker's servers
AMP for Endpoints continuously analyzes all file activity to detect malicious behavior and retrospectively alert
30. Respond
Security team
Umbrella Investigate provides current and historical data on domains, IPs, and file hashes
AMP for Endpoints shows full history of compromise, and provides outbreak control and quarantine capabilities
DOMAINS, IPs, FILE HASHES
34. Key questions organizations have
Users/Accounts
Who is doing what in my cloud applications?
How do I detect account compromises?
Are malicious insiders extracting information?
Data
Do I have toxic and regulated data in the cloud?
Do I have data that is being shared inappropriately?
How do I detect policy violations?
Applications
How can I monitor app usage and risk?
Do I have any 3rd party connected apps?
How do I revoke risky apps?
35. Infrastructure as a Service (IaaS)
Platform as a Service (PaaS)
SaaS
Layers shown for each model: People, Data, Applications, Runtime, Middleware, Operating system, Virtual network, Hypervisor, Servers, Storage, Physical network
Cloud shared responsibility – SaaS/PaaS/IaaS
Legend: CSR responsibility, Customer responsibility
36. Cisco cloud security
Shared focus, complementary use cases
Cloudlock
For Shadow IT and connected cloud apps (OAuth)
Visibility and control: For Shadow IT and connected cloud apps (OAuth)
Threat protection: Protect cloud accounts from compromise and malicious insiders
Forensics: Analyze audit cloud logs
Data protection: Assess cloud data risk and ensure compliance
Malware / ransomware: Prevent cloud-native (OAuth) attacks
Umbrella
Visibility and control: For all internet activity
Threat protection: Stop connections to malicious internet destinations
Forensics: Investigate attacks with internet-wide visibility
Data protection: Block C2 callbacks and prevent data exfiltration
Malware / ransomware: Prevent initial infection and C2 callbacks
37. Security weaknesses of native cloud service providers
Single platform only
Solves fewer problems
Lack of security expertise and focus
Upcharge
No incident management
Weak remediation capabilities
38. Here’s an example of why you need cloud user security
North America, 9:00 AM ET: Login
Africa, 10:00 AM ET: Data export
Distance from the US to the Central African Republic: 7362 miles
At a speed of 800 mph, it would take 9.2 hours to travel between them
In one hour
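The check behind this slide, written out as an added example (not code from the presentation or from Cloudlock): consecutive events for the same user are compared, and any pair that implies a speed above the slide's 800 mph is flagged. The event fields, coordinates, user names and the 100-mile GeoIP jitter floor are assumptions made for the illustration.

```python
import math
from datetime import datetime

MAX_MPH = 800.0          # speed ceiling used on the slide
MIN_MILES = 100.0        # assumption: ignore short hops caused by GeoIP jitter
EARTH_RADIUS_MI = 3958.8

def haversine_miles(a, b):
    """Great-circle distance in miles between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_MI * math.asin(math.sqrt(h))

def impossible_travel(events, max_mph=MAX_MPH, min_miles=MIN_MILES):
    """Compare each event with the same user's previous one; return speed violations."""
    alerts, last = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        prev, last[ev["user"]] = last.get(ev["user"]), ev
        if prev is None:
            continue
        miles = haversine_miles(prev["geo"], ev["geo"])
        if miles < min_miles:
            continue
        hours = (ev["time"] - prev["time"]).total_seconds() / 3600
        # Same timestamp from two distant places means unbounded speed.
        mph = miles / hours if hours > 0 else math.inf
        if mph > max_mph:
            alerts.append({"user": ev["user"], "from": prev["action"],
                           "to": ev["action"], "miles": round(miles), "mph": mph})
    return alerts

def at(hour, minute=0):
    """Constructed timestamp; all times assumed normalized to one time zone."""
    return datetime(2018, 1, 1, hour, minute)

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"user": "alice", "time": at(9), "action": "login", "geo": (40.71, -74.01)},        # New York
    {"user": "bob", "time": at(9), "action": "login", "geo": (43.65, -79.38)},          # Toronto
    {"user": "alice", "time": at(10), "action": "data_export", "geo": (4.39, 18.56)},   # Bangui
    {"user": "bob", "time": at(10, 30), "action": "file_download", "geo": (45.42, -75.70)},  # Ottawa
]

if __name__ == "__main__":
    for alert in impossible_travel(SAMPLE_EVENTS):
        print(alert)
```

Only the login followed an hour later by a data export from another continent is flagged; the Toronto to Ottawa pair stays under the ceiling.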
39. The cloud threat funnel
Funnel stages: All user behavior, Anomalies, Suspicious activities, True threat
Inputs: Threat intelligence, Cyber research, Cloud vulnerability insight, Centralized policies, Community intelligence, Contextual analysis
Source: Cloudlock CyberLab
58% abnormal behavior
31% login activities
11% admin actions
113x than average login failure
141x than average data asset deletion
227x than average file downloads
Event types shown: Session terminated, Email sent, File modified, File downloaded, Document created, Access denied
40. More than 24,000 files per organization publicly accessible
Data exposure per organization
Categories: Accessible by external collaborators, Accessible publicly, Accessible organization-wide
Percentages shown: 2%, 10%, 12%
24,000 files publicly accessible per organization
70% of external sharing done with non-corporate email addresses
Source: Cloudlock CyberLab
41. Cisco Cloudlock addresses organizations’ most critical cloud security use cases
Discover and Control
User and Entity Behavior Analytics
Cloud Data Loss Prevention (DLP)
Apps Firewall
OAuth Discovery and Control
Shadow IT
Data Exposures and Leakages
Privacy and Compliance Violations
Compromised Accounts
Insider Threats
44. Cloudlock has over 70 pre-defined policies
PII: SSN/ID numbers, Driver license numbers, Passport numbers
Education: Inappropriate content, Student loan application information, FERPA compliance
General: Email address, IP address, Passwords/login information
PHI: HIPAA, Health identification numbers (global), Medical prescriptions
PCI: Credit card numbers, Bank account numbers, SWIFT codes
45. Installation in less than 10 minutes
World-class customer success team with access to Cloudlock CyberLab
Backed by world-class security certifications
Cloudlock connect community with peer insights
The Cloudlock customer advantage
46. Smart Net Total Care
World-class support services
Cisco Technical Assistance Center (TAC)
Advance hardware replacement
Operating system software updates
Online self-help resources
Smart Capabilities