Cisco Live 2013 4/20/2017
Threat-Centric Security
James Weathersby, Sr. Manager, Cyber Security Engineers and Architects
The Security Problem
Changing Business Models
Dynamic Threat Landscape
Complexity and Fragmentation
The Industrialization of Hacking
Sophisticated Attacks, Complex Landscape
Hacking Becomes an Industry
Phishing, Low Sophistication
Timeline 1990 to 2020: Viruses (1990–2000), Worms (2000–2005), Spyware and Rootkits (2005–Today), APTs and Cyberware (Today+)
Would you do security differently if you knew you were going to be compromised?
The New Security Model: Attack Continuum
Before: Discover, Enforce, Harden
During: Detect, Block, Defend
After: Scope, Contain, Remediate
Network, Endpoint, Mobile, Virtual, Cloud; Point in Time and Continuous

In order to deal with their biggest challenges, customers need a simpler, scalable and threat-focused model. The key for any model is to ensure visibility across the entire attack continuum while delivering simplicity and scale, and to be holistic in nature, addressing security before, during and after attacks.

Before an attack: customers need to know what they are defending. You need to know what is on your network to be able to defend it: devices, operating systems, services, applications and users. They need to implement access controls, enforce policy, and block applications and overall access to assets. However, policy and controls are a small piece of what needs to happen. They may reduce the attack surface, but there will still be holes that the bad guys will find. Attackers do not discriminate; they will find any gap in defenses and exploit it to achieve their objective.

During the attack: you must have the best detection of threats that you can get. Once we detect attacks, we can block them and defend the environment.

After the attack: invariably, attacks will be successful, and customers need to be able to determine the scope of the damage, contain the event, remediate, and bring operations back to normal.

We also need to address a broad range of attack vectors, with solutions that operate everywhere the threat can manifest itself: on the network, endpoints, mobile devices and virtual environments. With today's threat landscape full of advanced malware and zero-day attacks, point-in-time technologies alone do not work. They only add to the complexity problem and create security gaps, not to mention making it much harder to scale in line with today's new and changing business models.
The New Security Model: Attack Continuum, with today's technologies mapped to each phase
Before (Discover, Enforce, Harden): Firewall, App Control, VPN, Patch Mgmt, Vuln Mgmt, IAM/NAC
During (Detect, Block, Defend): IPS, Antivirus/Web, IDS
After (Scope, Contain, Remediate): FPC, Forensics, AMD, Log Mgmt, SIEM
Foundation: Visibility and Context

[For more technical discussion on the attack continuum; used after the first BDA slide.] Let's compare how today's technologies map to the attack continuum. What is interesting is that specific technologies address a specific phase of the continuum. Our goal is to bring innovative technologies, products and solutions to cover the entire attack continuum, across all potential attack vectors, with technologies that operate not only at a point in time but also have a continuous capability and can automate steps in the process. All of this needs to be based on a foundation of visibility and context. The more you can see and place into context, the more you can understand and protect. It is our awareness technologies and integration with the network fabric that enable us to see more so we can protect more. We can address the full attack continuum to provide the best security solutions in the market.
Lessons of the Attack Continuum
Security technologies have a scope of application.
Due to scope, there can be no silver-bullet technologies.
An advanced, modern approach to security will share information and capabilities across all phases of the Attack Continuum.
Strategic Imperatives
Visibility-Driven: Network-Integrated, Broad Sensor Base, Context and Automation
Threat-Focused: Continuous Advanced Threat Protection, Cloud-Based Security Intelligence
Platform-Based: Agile and Open Platforms, Built for Scale, Consistent Control, Management
Network, Endpoint, Mobile, Virtual, Cloud
Need Both Breadth and Depth
Breadth: Network, Endpoint, Mobile, Virtual, Cloud
Depth: Who, What, Where, When, How
You Can’t Protect What You Can’t See
NetFlow, Users, Application Protocols, Malware, Vulnerabilities, Files, Web Applications, Services, Command and Control Servers, Operating Systems, Processes, Client Applications, VoIP Phones, Mobile Devices, Network Servers, Network Behavior, Printers, Routers and Switches, Virtual Machines
Threat-Focused?
Detect, Understand, and Stop Threats
Collective Security Intelligence; Threat Identified
Event History and Recorded Context: Who, What, Where, When, How
Enforcement: ISE + Network, Appliances (NGFW/NGIPS); AMP, CWS, Appliances
Continuous Advanced Threat Protection
Collective Security Intelligence
Event History and Context: Who, What, Where, When, How
Continuous Analysis
Enforcement: ISE + Network, Appliances (NGFW/NGIPS); AMP, CWS, Appliances; AMP, Threat Defense
Today’s Security Appliances
WWW: Context-Aware Functions, VPN Functions, IPS Functions, Traditional Firewall Functions, Malware Functions
Reduce Complexity and Increase Capability
Collective Security Intelligence; Centralized Management
Network Control Platform (Appliances, Virtual); Device Control Platform (Host, Mobile, Virtual); Cloud Services Control Platform (Hosted)

Today's security is complex and fragmented. What we need is a model that reduces complexity, provides consistent controls and gives customers flexibility and choice. We need a platform-based model that provides controls on the network, on devices, and in the cloud. Each platform should be extensible, allowing additional security services to be delivered so that every time there is new innovation you don't have to implement another point product. Platforms need to be agile, open, and able to scale. They also need to support different form factors and deployment models to meet your changing infrastructure needs. What makes this work is centralized management that allows you to set unified policies. This simplified model, with centralized management, is a key driver for our current activities.
Platform-Based Security Architecture
Common Security Policy and Management
Security Services and Applications: Access Control, Context Awareness, Content Inspection, Application Visibility, Threat Prevention; Cisco Security Applications, Third Party Security Applications
Orchestration: Security Management APIs, Cisco ONE APIs, Platform APIs, Cloud Intelligence APIs
Security Services Platform: Physical Appliance, Virtual, Cloud
Infrastructure Element Layer: Device API (onePK, OpenFlow, CLI); Cisco Networking Operating Systems (Enterprise, Data Center, Service Provider); Route, Switch, Compute; ASIC Data Plane, Software Data Plane

Our security architecture spans the infrastructure, the security appliances, and the cloud, while delivering a common platform with a built-in security services orchestration layer. We will have a set of APIs to deliver certain functions and applications that will run on top of the platform. Today, these capabilities are access control, context awareness, content inspection, application visibility and threat prevention. The value is that they can come from Cisco or from 3rd parties. At the top sits a common security policy and management layer that essentially manages the entire platform. So a big part of our strategy is to enable you to innovate on top of the platform, so that every time a new innovation happens, you don't have to stick another appliance on top of your infrastructure and create the fragmentation problem I showed earlier.
Enforcement delivered from the Cloud
Cloud web security users: 6 GB of web traffic examined and protected every hour; 75M unique hits every hour; 10M blocks enforced every hour
Collective Security Intelligence: Telemetry Data, Threat Research, Advanced Analytics, Distributed Enforcement
Cloud Connected Network: Mobile, Router, Firewall

So what we're doing at Cisco is delivering security from the cloud, from 22 data centers around the world, with connectors directly off the 70 million AnyConnect clients we have worldwide, on all of our ISR and ASR routers, as well as connectors from our ASAs. So you can actually distribute traffic from the physical devices within your perimeter. We then augment this with global intelligence by aggregating the threat awareness capabilities from all of our appliances and the billions of daily transactions we see through our cloud-based threat intelligence. We are already doing this today through web and security. In the future, we will deliver this in the form of application security, data security and user security. We will do this because you'll need to ensure the integrity of these transactions as more users go to cloud-based applications.
Cloud-Based Threat Intel & Defense
Visibility (Cloud-Based Threat Intel & Defense): Attacks, Application Reputation, Site, Malware
Common Policy, Management & Context: Common Management, Shared Policy, Role-Based Controls
Control (Network-Enforced Policy): Access, FW, IPS, VPN, Web; Appliances, Routers, Switches, Wireless, Virtual
Open Source to the Community: OpenAppID
What is Snort?
Snort® is an open source network intrusion prevention and detection system (IDS/IPS), made up of the Snort engine and the Snort rules language. Created in 1998 by Martin Roesch and developed by Sourcefire; Sourcefire was acquired by Cisco Systems on October 7th, 2013. Snort combines the benefits of signature, protocol, and anomaly-based inspection. Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and nearly 400,000 registered users, Snort has become the de facto standard for IPS. See more at
Never designed to be application aware.
The Application Problem
Volume: there are more 'apps' today than ever before; it's an impossible task for any one vendor to develop all detections and keep pace with app innovation.
Closed: with a closed approach, it's hard for a network security team to extend detection to bespoke apps that only exist within that customer's network or geography.
Isolation: without an open approach, collaboration is impossible; therefore the sharing and validation of detection content is stymied.
Little User Benefit From a Closed Approach
Open Source Security Philosophy
Community: engage with users and developers to strengthen their solutions
Collaboration: build with the community to solve complex security problems
Trust: demonstrate technical excellence, trustworthiness and thought leadership
Complex Security Problems Solved Through Open Source
OpenAppID Overview
What is OpenAppID?
An open source application-focused detection language that enables users to create, share and implement custom application detection.
Key Advantages:
New simple language to detect apps
Reduces dependency on vendor release cycles
Build custom detections for new or specific (e.g. geo-based) app-based threats
Easily engage and strengthen detector solutions
Application-specific detail with security events

OpenAppID benefits customers and the security community by providing new tools and a new, simple language to detect apps. A 'crowd-sourced' approach leverages the power of the community to rapidly create and validate app detectors, reducing dependency on vendor release cycles. It puts control into the hands of customers, giving them the ability to build custom detections and address new or specific (e.g. geo-based) app-based threats as quickly as possible. Open source allows vendors and user organizations alike to easily engage and strengthen their solutions. Security analysts now have application-specific detail, such as application name, by which to evaluate events, assign priority, and determine appropriate action.
Demo
Advanced Malware Protection
Advanced Malware Protection Deployment
Complete solution suite to protect the extended network:
Dedicated Advanced Malware Protection (AMP) appliance
Advanced Malware Protection for FirePOWER (NGIPS, NGFW)
FireAMP for hosts, virtual and mobile devices

Sourcefire's Advanced Malware Protection solutions utilize big data analytics to continuously aggregate data and events across the extended network (networks, endpoints, mobile devices and virtual environments) to deliver visibility and control against malware and persistent threats across the full attack continuum: before, during and after an attack. We leverage continuous analysis and real-time security intelligence to deliver detection, tracking, analysis, and remediation to protect the enterprise against malware and targeted, persistent attacks. As you may know, we offer Advanced Malware Protection for both networks and endpoints. Sourcefire's Advanced Malware Protection for FirePOWER can be an integrated software-enabled subscription added to any FirePOWER NGIPS or NGFW appliance, or a dedicated Advanced Malware Protection Appliance. FireAMP offers Advanced Malware Protection for Endpoints, using the same big data analytics, protecting against malware on Windows-based systems and mobile devices in both physical and virtual environments.

If more detail is needed:
AMP for FirePOWER:
Detection and blocking of malware-infected files attempting to enter or traverse the network
Continuous analysis and subsequent retrospective alerting on infected files in the event the malware determination changes after initial analysis
Tracking of malware that has entered the network: identifying point of entry, propagation, protocols used, and users and hosts affected
Correlation of malware-related events with broader security events and contextual data to provide a comprehensive picture of malicious activity
Identification and control of BYOD devices on the network
FireAMP:
Malware blocking and continuous analysis
Defend endpoints and remote workers against sophisticated malware, from the point of entry through propagation to post-infection remediation
Detection and blocking of malware, confirmation of infection, tracing its path, analyzing its behavior, remediating its targets and reporting on its impact
Tracking malware proliferation and activity
Indicators of compromise
Root cause analysis
Outbreak control
Impact reporting
Advanced Malware Detection
Detection lattice considers content from each engine for real-time file disposition
One-to-One: signature-based, 1st line of defense
Fuzzy Fingerprinting: algorithms identify polymorphic malware
Machine Learning: analyzes 400+ attributes for unknown malware
Advanced Analytics: combines data from the lattice with global trends

We like to think of FireAMP's detection technologies as a lattice: they're interwoven and work together to surface the problem. The fact that it's cloud based also brings a few benefits, mainly that less storage and compute resources are required on the endpoint. There are really 4 technologies to think of in this lattice. 1st is our one-to-one engine: because it's cloud based it looks at a full database of threats to make a call on a file, not just some that have been cherry-picked to optimize the footprint on the host. This cloud model also allows us to publish new signatures faster, in real time instead of days or weeks. Our one-to-one engine is the first line of defense. We also use something called fuzzy fingerprinting; internally we call this engine Ethos. It has algorithms that take existing signatures and modify them slightly so that they catch malware that's changing. This is part of that big data approach; it's completely automated and happens extremely fast. The machine learning engine, internally known as Spero, evaluates all the metadata we collect to determine if a file might be malware. Finally, the advanced analytics engine combines all of this with the data we see on a global basis and with what the other engines are seeing. The result is that we see things other technologies are missing on a daily basis.

Cloud-based delivery results in better protection plus lower storage and compute burden on the endpoint
Retrospective Security
Always Watching… Never Forgets… Turns Back Time
Continuous Analysis: retrospective detection of malware beyond the event horizon
Trajectory: determine scope by tracking malware in motion and activity
File Trajectory: visibility across the organization, centering on a given file
Device Trajectory: deep visibility into file activity on a single system

Retrospective security is unique to Sourcefire and is fundamental in combatting advanced malware. It is a continuous capability that uses big data analytics to aggregate data and events across the extended network for constant file tracking and analysis, so as to alert on and remediate files initially deemed safe that are now known to be malicious. Should a file have passed through initially thought to be good or unknown but later be identified as malicious, the file can be retrospectively identified, the scope of the outbreak understood and contained, and ultimately the clock turned back to automatically remediate the malware. Prior to this, there had been no way to track files beyond the event horizon, the "point of no return" for tracking files: the moment when the file enters the network and immediately conceals and embeds itself.

Trajectory: with Trajectory, customers will not lose sight of malware, making it the only technology of its kind. Trajectory lets customers determine the scope of an outbreak by tracking malware or suspicious files across the network and at the system level. Previously only available as part of FireAMP, this feature has been extended across Sourcefire's Advanced Malware Protection solution portfolio. Trajectory is analogous to having a network flight recorder for malware, recording everything it does and everywhere it goes.
Today’s malware is dynamic and can enter a network or endpoint through a variety of attack vectors and, once executed on an intended target, typically performs a number of malicious and/or seemingly benign activities, including downloading additional malware. By leveraging the power of big data analytics, Sourcefire captures and creates a visual map of these file activities, providing visibility of all network, endpoint and system level activity, enabling security personnel to quickly locate malware point-of-entry, propagation and behavior. This gives them unprecedented visibility into malware attack activity, ultimately bridging the gap from detection to remediation to control of a malware outbreak. This is a key enabler of Retrospective Security, which only Sourcefire does.
Outbreak Control Multiple ways to stop threats and eliminate root causes
Simple and specific controls, or context-rich signatures for broader control
Simple Custom Detections: Fast & Specific
Advanced Signatures: Families of Malware
Application Blocking Lists: Group Policy Control
White Lists: Trusted Apps & Images
Device Flow Correlation / IP Blacklists: Stop Connections to Bad Sites
Cloud & Client Based

Outbreak Control is what you use to contain and remediate problems after an advanced malware attack. There are 4 tools to work with. Simple custom detections are based on cryptographic hashes called SHAs. Once you've identified malware you want to block, you can simply use the SHA for the file to create a simple custom detection. You can also just upload the actual file and FireAMP will create the SHA for you. Now any time the file is seen in the future it is quarantined. This is also where Cloud Recall comes into play: the detection you created blocks the file going forward, but Cloud Recall works the other side of the problem, quarantining the file on any system that may have seen it in the past. There may be cases when you want to block based on something besides the SHA; Advanced Custom Signatures are perfect for this. These are like Snort signatures, so they require some level of sophistication. An example might be that after you used FireAMP's file analysis capability to discover an entire family of malware with a common binary, you could write an advanced custom signature to deal with it all at once. FireAMP's application blocking is good for policy enforcement or zero-day protection on the endpoint. You can block an application until a patch is released, or prevent groups from using specific applications (e.g. maybe only people in marketing should be able to use Twitter). Whitelisting is mainly a capability to help manage false positives. Simple custom detections won't apply to any files that have been whitelisted, so if you have a custom-built app or a file you know to be safe, the whitelist will ensure it never gets blocked. Products from other companies touting solutions to advanced malware can't do this.
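The hash-based simple custom detections, whitelist precedence and Cloud Recall described above, modelled as an added Python example (not FireAMP or Sourcefire code; the OutbreakControl class, the Sighting record, the host names and the sample file bytes are constructed for illustration). It also covers the retrospective idea from the previous slide: dispositions are re-evaluated against a history of past sightings that is never forgotten, so a file that passed as "unknown" can be scoped and recalled once it is known to be bad.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Sighting:
    """One observation of a file on a host, with the disposition at that moment."""
    host: str
    path: str
    sha256: str
    seen_at: int        # constructed monotonic timestamp
    disposition: str    # "clean", "malicious" or "unknown" when the file was seen


@dataclass
class OutbreakControl:
    custom_detections: set = field(default_factory=set)  # SHA-256 hex digests to quarantine
    whitelist: set = field(default_factory=set)          # SHA-256 hex digests never blocked
    history: list = field(default_factory=list)          # every Sighting ever recorded

    @staticmethod
    def sha256_of(content: bytes) -> str:
        return hashlib.sha256(content).hexdigest()

    def add_detection_from_file(self, content: bytes) -> str:
        """Upload the file itself; the SHA is derived for you and added as a detection."""
        digest = self.sha256_of(content)
        self.custom_detections.add(digest)
        return digest

    def disposition(self, sha256: str) -> str:
        """Whitelist wins: simple custom detections never apply to whitelisted files."""
        if sha256 in self.whitelist:
            return "clean"
        if sha256 in self.custom_detections:
            return "malicious"
        return "unknown"

    def observe(self, host: str, path: str, content: bytes, seen_at: int) -> Sighting:
        """Point-in-time decision: record the file and what we thought of it right then."""
        digest = self.sha256_of(content)
        sighting = Sighting(host, path, digest, seen_at, self.disposition(digest))
        self.history.append(sighting)
        return sighting

    def cloud_recall(self, sha256: str) -> list:
        """Retrospective scope: hosts/paths where this now-malicious hash was allowed earlier."""
        if self.disposition(sha256) != "malicious":
            return []
        return sorted({(s.host, s.path) for s in self.history
                       if s.sha256 == sha256 and s.disposition != "malicious"})


def demo():
    """Walk the scenario from the slide and return the facts worth checking."""
    oc = OutbreakControl()
    dropper = b"constructed sample bytes standing in for a malicious dropper"
    lob_tool = b"constructed sample bytes standing in for an internal line-of-business tool"
    # Day 1: nothing is known about either file, so both pass the point-in-time check.
    oc.observe("host-a", "C:/Users/jdoe/Downloads/invoice.exe", dropper, 1)
    oc.observe("host-b", "C:/Temp/invoice.exe", dropper, 2)
    oc.observe("host-c", "C:/Tools/lob.exe", lob_tool, 3)
    # Day 2: an analyst confirms the dropper and creates a simple custom detection from the file.
    bad = oc.add_detection_from_file(dropper)
    # Going forward the file is quarantined the moment it is seen again...
    forward = oc.observe("host-d", "C:/Temp/invoice.exe", dropper, 4).disposition
    # ...and Cloud Recall scopes every host that already saw it while it was still "unknown".
    recalled = oc.cloud_recall(bad)
    # Whitelisting the LOB tool guarantees that even an accidental detection never blocks it.
    good = oc.sha256_of(lob_tool)
    oc.whitelist.add(good)
    oc.custom_detections.add(good)
    return forward, recalled, oc.disposition(good), oc.cloud_recall(good)
```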
File Analysis Fast and Safe File Forensics
VRT-powered insight into advanced malware behavior
Original file, network capture and screenshots of malware execution
Understand root cause and remediation
Infected File 4E7E9331D22190FD41CACFE2FC843F; FireAMP & Clients; Sourcefire VRT

So what does the malware do? If I understand its behavior, I'm much better prepared to fight it. File Analysis is like the crime scene lab: basically any malware that we detect or that our clients submit to us gets analyzed in a sandbox that's managed by the VRT. The output is pretty comprehensive. You see the behavior ranked from benign to malignant, all color coded. You get maps that show the possible origins, plus a number of other details. The original file sample is great for security admins who want to run further analysis or create advanced custom signatures in Outbreak Control. You also get screenshots of the malware executing. Not all malware is apparent on the desktop, but when it does display something odd, it's great to have a screenshot that you can share with users as a heads-up on what to watch out for (i.e. you could send that image to your users to show them what the malware looks like when it's trying to infect a system; a picture is worth a thousand words). The network capture can be used to write a Snort signature. In fact, some users may want to write a Snort signature for network-based protection and create an advanced custom signature in FireAMP as an extra precaution.

Sandbox Analysis: advanced malware analysis without advanced investment
Indicators of Compromise Big data spotlight on systems at high risk for an active breach
Automated compromise analysis and determination
Prioritized list of compromised devices
Quick links for quick root cause analysis and remediation

Indicators of Compromise: a single event, even a blocked malicious file on an endpoint, doesn't always mean compromise. However, when multiple events, even multiple seemingly benign events, are correlated together, the result can significantly raise the risk that a system is compromised and a breach is imminent or in progress. The Indicator of Compromise (IoC) feature is yet another new capability of Sourcefire's Retrospective Security. Leveraging Sourcefire collective security intelligence, big data analytics, and continuous analysis, IoC delivers a prioritized list of potentially compromised devices and quick links to inspect activity and remediate the problem. This goes far beyond what point-in-time detection technologies can deliver by continuing to capture, analyze and correlate activity after the initial determination is rendered, giving security personnel automated analysis and risk prioritization.

Some examples of types of IoCs include:
File Detection: the lowest-ranking, most basic indicator of compromise. This event indicates that multiple malicious files were operated upon (created, moved, executed or scanned) on the host.
Potential Dropper Infection: triggered when the same malicious file is created multiple times on the host. This is a clear sign that the host is being persistently compromised and that any defense tools (including the FireAMP agent) are only treating symptoms, not the root cause of the infection.
Multiple Infected Files: shows up when the same malicious file is seen being dropped or created by different processes. This often indicates that processes running on the system have been compromised; malware often co-opts clean system processes into doing malicious activity. This is called process injection and is a common trait of most malware.
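The three IoC types just listed, as an added correlation example in Python (not Sourcefire or FireAMP code; the event tuple format, the severity weights and the sample endpoint telemetry are constructed). It shows the slide's point that a single blocked download yields no indicator, while the same malicious file being re-created by several different processes on one host ranks that host highest.

```python
from collections import Counter, defaultdict

# Constructed sample telemetry: (host, parent process, action, file hash, disposition at the time).
EVENTS = [
    ("ws-17", "outlook.exe",  "created",  "sha-aaaa", "malicious"),
    ("ws-17", "outlook.exe",  "executed", "sha-aaaa", "malicious"),
    ("ws-17", "svchost.exe",  "created",  "sha-aaaa", "malicious"),  # re-created by a system process
    ("ws-17", "explorer.exe", "created",  "sha-aaaa", "malicious"),
    ("ws-17", "chrome.exe",   "created",  "sha-bbbb", "malicious"),
    ("ws-42", "chrome.exe",   "created",  "sha-cccc", "malicious"),  # one blocked download, nothing else
    ("ws-42", "winword.exe",  "created",  "sha-dddd", "clean"),
    ("ws-99", "setup.exe",    "created",  "sha-eeee", "malicious"),
    ("ws-99", "setup.exe",    "created",  "sha-eeee", "malicious"),  # same file dropped again
]

# Severity weights are constructed; the slide only states that File Detection ranks lowest.
SEVERITY = {
    "File Detection": 1,
    "Potential Dropper Infection": 3,
    "Multiple Infected Files": 5,
}


def correlate(events):
    """Turn raw per-file events into {host: [(ioc_name, detail), ...]}.

    Hosts with no indicator are absent from the result: a lone event is not an IoC.
    """
    by_host = defaultdict(list)
    for host, proc, action, sha, disp in events:
        if disp == "malicious":                      # clean files never contribute
            by_host[host].append((proc, action, sha))
    iocs = defaultdict(list)
    for host, evs in by_host.items():
        # File Detection: multiple malicious files operated upon (created/moved/executed/scanned).
        if len(evs) >= 2:
            iocs[host].append(("File Detection", f"{len(evs)} malicious-file events"))
        creates = Counter(sha for _, action, sha in evs if action == "created")
        for sha, n in creates.items():
            # Potential Dropper Infection: the same malicious file created multiple times.
            if n >= 2:
                iocs[host].append(("Potential Dropper Infection", f"{sha} created {n} times"))
            # Multiple Infected Files: the same malicious file created by different processes.
            procs = sorted({p for p, a, s in evs if a == "created" and s == sha})
            if len(procs) >= 2:
                iocs[host].append(("Multiple Infected Files",
                                   f"{sha} dropped by {', '.join(procs)}"))
    return dict(iocs)


def prioritize(iocs):
    """Rank hosts by summed severity (ties by host name). Returns [(host, score, iocs), ...]."""
    ranked = [(host, sum(SEVERITY[name] for name, _ in found), found)
              for host, found in iocs.items()]
    return sorted(ranked, key=lambda row: (-row[1], row[0]))


if __name__ == "__main__":
    for host, score, found in prioritize(correlate(EVENTS)):
        print(f"{host}  risk={score}")
        for name, detail in found:
            print(f"    {name}: {detail}")
```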
Demo
Continuous Capability Advanced Threat Protection
Only Cisco Delivers: Unmatched Visibility, Continuous Capability, Advanced Threat Protection, Complexity Reduction, Global Intelligence With Context

The value Cisco brings customers through the New Security Model and the Strategic Imperatives of being visibility-driven, threat-focused and platform-based across the entire attack continuum is:

Unmatched Visibility: you will have access to the global intelligence you need, with the right context, to make informed decisions and take immediate action. Network as a sensor; contextual awareness; global intelligence with big data analytics; open interfaces to visibility tools.
Consistent Control: you can consistently enforce policies across the entire network and have the control you need to accelerate threat detection and response. Unified policy orchestration, language and enforcement; open interfaces to control platforms; extends from data center to cloud to endpoint.
Advanced Threat Protection: you will be able to detect, understand and protect against advanced malware and advanced persistent threats across the entire security continuum. Real-time threat analysis; retrospective threat analysis.
Reduced Complexity: you can adapt to the changing dynamics of your business environment quickly, at scale and securely. Integrated security services platforms; unified management; automation; open ecosystem through APIs; ACI fabric integration; managed services.

Point-in-Time and Continuous Protection Across the Network and Data Center; Detects and Stops Advanced Threats; Fits and Adapts to Changing Business Models Wherever the Threat Manifests