Security
Protection for the top two attack vectors
Story Tweedie-Yates
Product Marketing Manager – Cisco Web Security
February 16, 2016
Spam is up. More than 85% of the companies studied were affected each month by malicious browser extensions.
Attack surface: user error on the web. Plugin vectors: Java, PDF, Flash, Silverlight. Silverlight log volume rose 228%.
Encrypted (https://) traffic is increasing, driven by organizational security, individual privacy and government compliance. It represents over 50% of bytes transferred.
Low barriers to entry: attackers compromise without the victim clicking, via exploit kits (which deliver ransomware such as Cryptowall version 4).
Attackers: 250%
CRYPTOWALL 4.0
• Notorious ransomware
• Version 1 first seen in 2014
• Distributed via exploit kits and phishing emails
• Fast evolution
Threats from a user's perspective
Web and email are portable
Sample attack: Joe, CFO
Joe receives an email signed "Best, Resort Team" that contains a link. Instinctively, he clicks on the link. Joe is now infected.
Cisco Web Security (WSA), backed by Talos threat intelligence, combines point-in-time and continuous protection before, during and after an attack:
• Web Filtering, Web Reputation, Application Visibility & Control
• Anti-Malware, File Reputation, File Sandboxing, Outbreak Intelligence (webpage), Cognitive Threat Analytics
• File Retrospection, DLP Integration
• Management: Admin, Reporting; outbound traffic from HQ
Cisco Email Security: mail flow with Anti-Spam, Anti-Virus, Data Loss Protection, Encryption and Message Tracking; outbound liability controls; policies with Allow, Warn, Partial Block and Block actions.
Talos: before, during and after
Cisco Talos threat intelligence, research and response: continuous and always on, backing a complete solution.
© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 28
Strategic Imperatives: Visibility-Driven, Threat-Focused, Platform-Based
• GUI
• Graymail
• Hybrid Email solution
• MDM
• Scancenter policy
Extending User Identity and Context: Identity Services Engine integration acquires important context and identity from the network. Who: Doctor. What: Laptop. Where: Office.
Admin: traffic redirections (HQ); 70+ pre-defined reports; quick analysis.
Web Interaction Tracking
Enabling tracking of URLs rewritten by policy
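A worked example of the mechanism behind URL rewriting with click tracking, added here for illustration; it is not Cisco's implementation. Every http(s) link in a message body is replaced by a link to a hypothetical redirector (`click.example.invalid`, an assumption) whose token carries the original URL and a message id under an HMAC-SHA256 tag, so that the redirector cannot be turned into an open redirect by editing the token. The click-log format and the sample message are constructed.

```python
"""Signed link rewriting for web interaction tracking.

Added example, not Cisco code.  Every http(s) link in a message body is
replaced by a link to a hypothetical redirector; the token carries the
original URL plus a message id and is authenticated with HMAC-SHA256, so a
recipient cannot forge clicks or turn the redirector into an open redirect.
The click log is then resolved back to who clicked which original URL.
"""
import base64
import hashlib
import hmac
import json
import re
from urllib.parse import parse_qs, urlsplit

REDIRECTOR = "https://click.example.invalid/r"   # assumed redirector endpoint
TAG_LEN = 16                                      # bytes of truncated HMAC tag kept in the token
URL_RE = re.compile(r"""https?://[^\s<>"']+""")


def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(url: str, msg_id: str, secret: bytes) -> str:
    """token = base64url(payload || HMAC-SHA256(secret, payload)[:TAG_LEN])."""
    payload = json.dumps({"u": url, "m": msg_id}, separators=(",", ":")).encode()
    tag = hmac.new(secret, payload, hashlib.sha256).digest()[:TAG_LEN]
    return b64e(payload + tag)


def parse_token(token: str, secret: bytes) -> dict:
    """Verify the tag in constant time and return the payload; raise ValueError otherwise."""
    raw = b64d(token)
    payload, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(secret, payload, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(expected, tag):
        raise ValueError("token signature mismatch")
    return json.loads(payload)


def rewrite_links(body: str, msg_id: str, secret: bytes) -> str:
    """Replace every link in body with a redirector link, keeping sentence punctuation outside it."""
    def repl(match) -> str:
        url = match.group(0)
        trailing = url[len(url.rstrip(".,;:!?)")):]
        url = url[:len(url) - len(trailing)]
        return f"{REDIRECTOR}?t={make_token(url, msg_id, secret)}{trailing}"
    return URL_RE.sub(repl, body)


def tamper_token(token: str, new_url: str) -> str:
    """Rewrite the URL inside a token but keep its old tag (what an attacker could try)."""
    raw = b64d(token)
    payload = json.loads(raw[:-TAG_LEN])
    payload["u"] = new_url
    return b64e(json.dumps(payload, separators=(",", ":")).encode() + raw[-TAG_LEN:])


def resolve_clicks(log_lines, secret: bytes):
    """Constructed log line format: '<timestamp> <user> <clicked_url>'.
    Returns (resolved click dicts, number of rejected tokens)."""
    resolved, rejected = [], 0
    for line in log_lines:
        ts, user, clicked = line.split(maxsplit=2)
        token = parse_qs(urlsplit(clicked).query).get("t", [""])[0]
        try:
            info = parse_token(token, secret)
            resolved.append({"time": ts, "user": user, "msg": info["m"], "url": info["u"]})
        except (ValueError, KeyError, TypeError):   # bad base64, bad tag, bad JSON, missing fields
            rejected += 1
    return resolved, rejected


if __name__ == "__main__":
    secret = b"constructed-demo-secret"            # in practice a per-deployment key from a KMS/HSM
    body = "Joe, confirm your stay at http://resort.example.invalid/booking/4711. Best, Resort Team"
    out = rewrite_links(body, "msg-001", secret)
    token = out.split("?t=", 1)[1].split(".", 1)[0]
    forged = tamper_token(token, "http://evil.example.invalid/")
    log = [f"2016-02-16T09:12:01Z joe {REDIRECTOR}?t={token}",
           f"2016-02-16T09:12:05Z mallory {REDIRECTOR}?t={forged}"]
    print(out)
    print(resolve_clicks(log, secret))   # joe's click resolves, mallory's forged token is rejected
```

The tag is what separates tracking from an open redirector: without it, anyone who learned the token layout could send recipients through the trusted redirector host to a site of their choosing. The truncated 128-bit tag is an assumption for brevity; a real deployment would also bind the token to a recipient and an expiry.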
Cognitive Threat Analytics (CTA): HTTP(S) requests pass through a classifier; unique DETECTED threats are clustered, and a cluster spanning multiple users becomes a CONFIRMED threat.
Funnel: 10B requests per day; +/- 1% is anomalous; 10M events per day; 1K-50K incidents per day.
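The request-to-incident funnel described on this slide, as an added example rather than Cisco's classifier. Two constructed indicators stand in for the classifier stage (periodic beaconing from one user to one destination, and requests to a bare IP literal); the clustering stage groups the resulting events by destination and marks a cluster CONFIRMED when it spans more than one user and DETECTED otherwise. The thresholds, the proxy-log record layout and the sample traffic are all constructed.

```python
"""Request-classifier funnel in the style of the CTA slide (added example, not Cisco code).

Stage 1 classifies each (user, destination) stream of proxy requests and emits
events for two constructed indicators: periodic beaconing and connections to a
bare IP address instead of a hostname.  Stage 2 clusters events by destination;
a cluster that spans multiple users is CONFIRMED, a single-user one is DETECTED.
"""
from collections import defaultdict
from ipaddress import ip_address
from statistics import mean, pstdev

BEACON_MIN_HITS = 4      # assumed: fewer requests give no usable interval statistics
BEACON_MAX_JITTER = 0.2  # assumed: stdev/mean of inter-arrival times below this is "regular"


def is_ip_literal(host: str) -> bool:
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def beacon_period(times):
    """Return the period in seconds if sorted timestamps are regular enough, else None."""
    if len(times) < BEACON_MIN_HITS:
        return None
    gaps = [b - a for a, b in zip(times, times[1:])]
    m = mean(gaps)
    if m <= 0 or pstdev(gaps) / m > BEACON_MAX_JITTER:
        return None
    return round(m)


def classify_requests(records):
    """records: iterable of (user, unix_time, host, method, path). Returns one event per suspicious stream."""
    streams = defaultdict(list)
    for user, t, host, _method, _path in records:
        streams[(user, host)].append(t)
    events = []
    for (user, host), times in streams.items():
        reasons = []
        period = beacon_period(sorted(times))
        if period is not None:
            reasons.append(f"periodic beacon every ~{period}s")
        if is_ip_literal(host):
            reasons.append("destination is a bare IP literal")
        if reasons:
            events.append({"user": user, "host": host, "hits": len(times), "reasons": reasons})
    return events


def cluster_events(events):
    """Group events by destination; multi-user clusters are CONFIRMED, others DETECTED."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)
    incidents = []
    for host, evs in by_host.items():
        users = sorted({e["user"] for e in evs})
        incidents.append({
            "host": host,
            "users": users,
            "status": "CONFIRMED" if len(users) > 1 else "DETECTED",
            "reasons": sorted({r for e in evs for r in e["reasons"]}),
        })
    incidents.sort(key=lambda i: (i["status"], i["host"]))   # CONFIRMED first
    return incidents


def funnel(records):
    """Counts at each stage: requests -> events -> incidents (and how many are confirmed)."""
    records = list(records)
    events = classify_requests(records)
    incidents = cluster_events(events)
    return {"requests": len(records), "events": len(events), "incidents": len(incidents),
            "confirmed": sum(i["status"] == "CONFIRMED" for i in incidents)}


def sample_records():
    """Constructed proxy log: joe and ann beacon to one IP, carol to a host, bob just browses."""
    base = 1455613200   # 2016-02-16T09:00:00Z
    recs = []
    for i, jitter in enumerate([0, 3, -2, 4, 1, -3]):
        recs.append(("joe", base + 300 * i + jitter, "203.0.113.7", "POST", "/gate.php"))
    for i, jitter in enumerate([0, -4, 2, 5, 0]):
        recs.append(("ann", base + 120 + 300 * i + jitter, "203.0.113.7", "POST", "/gate.php"))
    for i, jitter in enumerate([0, 2, -1, 3]):
        recs.append(("carol", base + 600 * i + jitter, "cdn-sync.example.invalid", "GET", "/ping"))
    for i, offset in enumerate([0, 37, 210, 212, 950, 961, 1600]):
        recs.append(("bob", base + offset, "news.example.invalid", "GET", f"/story/{i}"))
    recs.append(("joe", base + 50, "www.example.com", "GET", "/"))
    return recs


if __name__ == "__main__":
    for incident in cluster_events(classify_requests(sample_records())):
        print(incident)
    print(funnel(sample_records()))
```

On the sample traffic the IP-literal beacon shared by two users comes out CONFIRMED and the single-user beacon to a hostname stays DETECTED, which is the multi-user escalation the slide draws with its clusters. Real deployments replace the two toy indicators with many weak classifiers and an anomaly baseline per user, but the funnel shape is the same.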
New hardware: WSA-S380/S390 and WSA-S680/S690 web security appliances; SMA-M380/M390 and SMA-M680/M690 management appliances; ISR 4k at the branch.
Backhauling branch traffic through headquarters to reach the Internet costs money ($$$).
Cisco Web and Email Security roadmap (Visibility Driven, Threat Focused, Platform Based)
Recent releases: Web Interaction Tracking, WSA with CTA, Email and Web Appliance New Hardware, Email Graymail Management, ZCT Email Encryption, CWS Mobile Browser, Hybrid Email, WSA and CWS Unified Policy.
Many of the products and features described herein remain in varying stages of development and will be offered on a when-and-if-available basis. This roadmap is subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth in this document.
Demos
• New CWS GUI
• CTA
• Email Innovations
Web security customer requirements
• Detailed web and HR reporting and control
• Need for deep inspection with AVC
• Large amounts of https traffic
• Proxy authentication (login ID and password prompt) for users on the corporate network and for roaming users
Get Started Today with Cisco