Bruce Johnson
Senior Product Marketing Manager
February 10, 2016
Cisco Web and Email Security
New Ways to Protect from the Top Threat Vectors
Email: Leading Threat Vector
Data Loss
Acceptable Use Violations
Malware Infections
IPv6 Spam
Blended Threats
Targeted Attacks
APTs
Advanced Malware
Rootkits
Worms
Trojan Horse
205.6 Billion Emails per Day in 2015 and Growing - Radicati
Blended Attacks
Multiple Security Layers Needed
Point in Time Security is Not Enough!
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
Web Reputation
Usage Controls
Malware Signature
File Reputation
File Sandboxing
File Retrospection
Application Controls
Threat Analytics
Actionable Reporting
Cisco Confidential © 2013-2014 Cisco and/or its affiliates. All rights reserved.
“If you knew you were going to be compromised… …would you do security differently?”
Joe CFO
Waiting for his plane
Meet Joe. He is heading home for a well-deserved vacation.
He’s catching up on email using the airport Wi-Fi while he waits for his flight.
BEFORE
Joe CFO
Checks his email
Joe just got an email from his vacation resort with a confirmation link.
www.beautiful-hawaii.com
BEFORE
Your Tropical Getaway
Joe,
Thank you for choosing us. We look forward to seeing you.
Before your arrival, please verify your information here:
www.vacationresort.com
Best,
Resort Team
Joe CFO
Instinctively, he clicks on the link
No problem, right? Everything looks normal.
The site may even be a trusted site, or maybe a site that is newly minted.
BEFORE
DURING
Joe CFO
Joe is now infected
Joe opens the link and the resort video plays.
Although he doesn’t know it, Joe’s machine has been compromised by a flash-based video exploit.
The malware now starts to harvest Joe’s confidential information:
• Passwords
• Credentials
• Company access authorizations
Now let’s see how Cisco’s Layered Defense protects Joe….
instant replay
Meet Joe. He is heading home for a well-deserved vacation.
Instant Replay with Cisco Security
BEFORE
Waiting for his plane
How Cisco Protects You
Joe just got an email from his vacation resort.
Instant Replay with Cisco Email Security
DURING
Checks his email
How Cisco Protects You
No problem, right?
Everything looks normal.
Instant Replay with Cisco Web Security
DURING
Instinctively, he clicks on the link
How Cisco Protects You
Deploys malware protection
Traces phone home traffic
Conducts 200 pt. website “credit check”
Controls social media micro-app policy
Activates embedded protection
Joe opens the link and the resort video plays.
Instant Replay with Cisco AMP for Email & Web Security
DURING
Joe is protected
How Cisco Protects You
Isolates unknown files through sandboxing
Evaluates file reputation
Registers files
After a relaxing vacation, Joe returns home protected and unaware that the threat even existed. (And he still has a job!)
Joe CFO arrives home
AFTER
Joe is protected
After a few days, a file begins to behave maliciously.
Joe CFO arrives home
AFTER
Joe is protected
How Cisco Protects You
Identifies polymorphic attacks
Discovers patient zero and zero +1
Analyzes threats retrospectively
Layered Email and Web Security
Best Defense for Complex Threats
Come by the Email and Web Security Booth and Learn More
Thank you


Joe CFO for CiscoLive Berlin 2016 Email and Web Security Presentation


Editor's Notes

  • #3: T: There are new challenges during every stage of an attack.
  • #5: Cisco Web security provides protection across the attack continuum. We start with web reputation, usage controls and application controls. During an attack you’re protected with malware signatures, file reputation, and file sandboxing for dynamic analysis. And after an attack, you’re protected with continuous retrospection, the ability to identify malicious malware that crossed the wire undetected, using file retrospection, threat analytics and actionable reporting capabilities.
  • #6: If it was your house that was going to be broken into, certainly. The same should be true for your system; after all, both represent your personal information, property and safety. Allow me to present a use case. Let’s consider an email-based spear phishing attack and how it would unfold across the attack continuum. The target will be Joe. He’s a CFO on his way home to enjoy some vacation time. Joe’s going to receive an email from what looks like a trusted site. In reality, the email is a targeted attack and contains a compromised link. We’ll look at two versions of this case: one in which Joe is unprotected, and one in which Joe is protected by Cisco security products. T: First, let’s look at a scenario where Joe is not protected.
  • #7: Meet Joe CFO. He’s sitting in the airport waiting to head home. He’s excited to go back for a well-deserved vacation. T: He’s using the public airport Wi-Fi to check his email.
  • #8: Joe just received an email from what appears to be his vacation resort. It is asking him to verify his information – a credit card number, dinner reservations, or any number of things. It wants him to verify by clicking on an embedded URL link. T: Joe is drawn to the link.
  • #9: Everything seems fine. There is a factor of trust, since Joe is going on vacation and the email is from a vacation resort. The email may even be from a trusted site that has been compromised. T: Joe clicks on the link.
  • #10: A resort video plays. Although he doesn’t know it, Joe has been taken to a website with a flash-based video exploit and it has downloaded malware onto his machine. The malware begins to harvest his information. Joe’s passwords, credentials, and company access authorizations have all been compromised. He has unknowingly given hackers the ability to steal sensitive company and customer information. T: Enjoy your vacation Joe.
  • #11: As a company CFO, Joe is an attractive target. In order to secure his and his company’s information, Joe needs the best possible protection. In a moment we’ll explore the second version of the case. This time, Joe will have Cisco’s Talos and layered defense products to protect him, his company’s information, and his job. T: Before that, allow me to briefly expand on Cisco’s Talos.
  • #12: Meet Joe again. He’s using the public airport Wi-Fi to check his email. He is accessing his corporate network via an encrypted VPN from Cisco. His mobile devices are being managed through Cisco’s Identity Services Engine. Cloud security and split tunneling are implemented for further protection, and Talos inoculates his device against malware. Lastly, our indexing allows us to track patterns of behavior and analyze them for harmful patterns, so that we can identify complex attacks even if they are made up of seemingly benign actions. T: Before an attack even happens, Joe is actively being defended.
  • #13: He receives an email from what appears to be his vacation resort. As Joe opens the email, Cisco’s email security appliance and Talos spring into action. They provide an email credit check, conduct a 200 point inspection, rewrite or redirect URLs and enforce corporate security policy. It seems that the resort staff are asking Joe to verify his information by clicking on a hyperlinked web address. T: Joe is drawn to the link while Cisco continues to protect him.
  • #14: Everything seems fine. The email address is legitimate and the site it links to appears to be legitimate as well. Joe clicks on the link while his defenses take action. Cisco’s security products activate embedded protection and conduct a 200 point website “credit check.” They deploy malware protection, control social media micro-app policy and trace phone home traffic. T: Joe’s browser opens the web page.
  • #15: A resort video plays. Though he doesn’t know it, Joe has been taken to a malicious website that begins to download files onto his machine. But this time, Joe is protected. Cisco security products register the downloaded files and evaluate their reputations. They isolate unknown and suspicious files through sandboxing and update the Talos database in order to inoculate against further attacks. T: Joe can now enjoy his vacation without the worry of a security threat.
  • #16: T: Joe returns home with his devices and data secure.
  • #17: Now let’s say that a file appears to be legitimate. It passes through Joe’s defenses and is loaded onto his device. Three days later a timer goes off, and the file begins to behave maliciously. Joe is now the target of a polymorphic attack. Thankfully for Joe, Cisco security products analyze threats retrospectively. They identify the polymorphic attack, discover patient zero and trace the file’s trajectory to discover if anyone else has been attacked. All discoveries are cataloged and added to the Talos database to inoculate even further. T: With Cisco security, the damages can be traced, scoped and remediated.