
CISCO SECURITY MONITORING, ANALYSIS & RESPONSE SYSTEM
© 2005 Cisco Systems, Inc. All rights reserved.




Slide 1: CISCO SECURITY MONITORING, ANALYSIS & RESPONSE SYSTEM

Slide 2: Mandates and Disruptions
Mandates:
- Increase customer retention and acquisition
- Build systems around customer/partner access while preserving customer privacy
- Avoid downtime
Disruptions:
- Direct revenue losses: average $2,000,000 / incident; median .067% of revenue / incident
- Recovery costs: average = $74,000 per incident; mean = $6,000 per incident
- Frequency and duration: one incident per year; downtime: 22 hours
[Chart: Internet business disruption loss rates (millions) by number of incidents (1 to 10); series: median revenue losses, average recovery costs]
* Aberdeen Group, Automating Information Access Benchmark Research Report, September 2004

Slide 3: Persistent Attacks and Zero Day Threats
Constant threat of attacks and zero-day threats:
- Companies experience 30+ attacks / week
- Virus and worm attacks increasing at 11% annually
- Slammer infected 75,000 hosts in 11 minutes
- Network Computing estimates the cost per single incident of an unknown buffer overflow attack to be $98,306
- Variants, scripts, and automated tools essentially yield a persistent attack on open exposures

Slide 4: Solutions to Overcome Disruptions
- 82%: prevention and avoidance
- 9%: recovery and restoration
- 9%: containment
Solutions:
- Intrusion prevention for networks and/or hosts
- Security event correlation and management
- Firewalls at network gateways and/or PCs
- Threat assessment and management tools
[Chart: 0% to 60% scale; categories Recover, Contain, Prevent, Uncertain]
* Aberdeen Group, Automating Information Access Benchmark Research Report, September 2004

Slide 5: Security Challenge = Business Problem
- Network & Security Event Noise: alarms, disconnected events, false positives, network anomalies
- Inefficient Attack Identification & Response: un-prioritized blended attacks, day zero attacks, worms... and network issues
- Compliance & Audit Mandates: Sarbox, HIPAA, GLBA, FISMA, Basel II... due care and process
- Never enough Security Staff: "after patching, putting out fires, investigation and remediation... produce the audit report"
Costly Business Dilemma
Mitigate Attacks

Slide 6: Components of a Self-Defending Network
Defense-in-depth: Firewalls, Proxies, VPN, Anti-virus, Network IDS/IPS, Host IDS/IPS, Vulnerability Assessment, Patch Management, Policy Compliance, Router, Switch, Integrated Management

Slide 7: Security Operations Response
Reactive steps:
1. Escalated Alert
2. Investigate
3. Coordinate
4. Mitigate
Sources across Network Operations and Security Operations: Firewall, IDS/IPS, VPN, Vulnerability Scanners, Authentication Servers, Router/Switch, Anti-virus (10K Win, 100's UNIX)
Collect network diagram, read and analyze TONS of data... repeat. Always too late.

Slide 8: Introducing Cisco Security Monitoring, Analysis & Response System (CS-MARS)
CS-MARS transforms raw network and security data into actionable intelligence used to subvert real security incidents, as well as maintain corporate compliance.
- Network-intelligent correlation
- Incident validation
- Attack visualization
- Automated investigation
- Leveraged mitigation
- Compliance management
- High performance
- Low TCO

Slide 9: CS-MARS Value Proposition
Alternative SIM approaches vs. CS-MARS Enterprise Threat Mitigation:
- Alternative: Centrally aggregate logs... limited event reduction and correlation. CS-MARS: Integrated network intelligence for superior event aggregation, reduction, and correlation.
- Alternative: No network intelligence... isolated device events. CS-MARS: Events are dynamically NAT resolved, correlated, grouped, and validated.
- Alternative: Basic alerts, workflow, and reports... lacks details for timely response. CS-MARS: Visually depicts topology, valid incidents; attack path details with layer 2 / 3 leveraged mitigation.
- Alternative: Costly to buy, deploy, maintain. CS-MARS: Lowest TCO; immediate results, easy to use and cost-effective deployment.
- Alternative: Poor performance; achieved with costly platforms and / or clustering. CS-MARS: Full correlation in excess of 10,000 EPS and 300,000 flows / sec.

Slide 10: CS-MARS: "Know the Battlefield"
Gain network intelligence: topology, traffic flow, device configuration, and enforcement devices.
ContextCorrelation™: correlates, reduces and categorizes events; validates incidents.
Pipeline: isolated events -> sessions -> rules -> verify -> valid incidents (correlation, reduction).
Inputs: Router Cfg., Firewall Log, Switch Cfg., Switch Log, Server Log, AV Alert, App Log, VA Scanner, Firewall Cfg., Netflow, NAT Cfg., IDS Event...

Slide 11: CS-MARS: "Command and Control"

Slide 12: CS-MARS: "Connect the Dots"
SureVector™ Analysis:
- Visible and accurate attack path
- Drill-down, full incident and raw event details
- Pinpoint the true sources of anomalous and attack behavior
- More complete and accurate story
Example attack path:
1. Host A port scans Target X
2. Host A buffer overflow attacks X, where X is behind a NAT device and where X is vulnerable to the attack
3. Target X executes password attacks against Target Y, located downstream from the NAT device
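To make the correlation pipeline of slide 10 (isolated events -> sessions -> rules -> verify -> valid incidents) and the three-step attack path of slide 12 concrete, here is an added example written for this page. It is not CS-MARS code and not from this deck: the NAT table, the vulnerability-scanner data, every event record, and the rule thresholds (a 600-second window, three failed logins) are constructed assumptions. It NAT-resolves events from devices on both sides of the NAT boundary, reduces them into sessions, and only raises an incident when the scan-then-exploit chain hits a host the scanner says is actually vulnerable and that host then starts failing logins downstream.

```python
# Added example: a toy correlation engine in the spirit of slides 10 and 12.
# Not CS-MARS code. NAT table, vulnerability data, rule thresholds and all
# event records below are constructed for illustration.
from collections import defaultdict

# Constructed NAT configuration: public address -> private address of Target X.
NAT_TABLE = {"203.0.113.10": "10.1.1.10"}

# Constructed vulnerability-scanner result: host -> signatures it is exposed to.
VULN_DATA = {"10.1.1.10": {"bufoverflow-ftp"}}

# Constructed raw events from three reporting devices. "t" is seconds.
RAW_EVENTS = [
    # Firewall sees Host A scanning the public (NAT) address of Target X.
    {"t": 100, "dev": "fw1", "src": "198.51.100.7", "dst": "203.0.113.10", "type": "portscan"},
    {"t": 101, "dev": "fw1", "src": "198.51.100.7", "dst": "203.0.113.10", "type": "portscan"},
    # IDS behind the NAT device reports the exploit against X's private address.
    {"t": 130, "dev": "ids1", "src": "198.51.100.7", "dst": "10.1.1.10", "type": "bufoverflow-ftp"},
    # Server Y logs a burst of failed logins originating from X.
    {"t": 190, "dev": "srv-y", "src": "10.1.1.10", "dst": "10.1.2.20", "type": "auth-failure"},
    {"t": 191, "dev": "srv-y", "src": "10.1.1.10", "dst": "10.1.2.20", "type": "auth-failure"},
    {"t": 192, "dev": "srv-y", "src": "10.1.1.10", "dst": "10.1.2.20", "type": "auth-failure"},
    {"t": 193, "dev": "srv-y", "src": "10.1.1.10", "dst": "10.1.2.20", "type": "auth-failure"},
    # Noise: a scan with no follow-up, and an exploit against a host that is not vulnerable.
    {"t": 150, "dev": "fw1", "src": "198.51.100.8", "dst": "203.0.113.10", "type": "portscan"},
    {"t": 300, "dev": "ids1", "src": "198.51.100.9", "dst": "10.1.1.30", "type": "bufoverflow-ftp"},
]


def resolve_nat(addr):
    """Map a public address to the private host behind the NAT device."""
    return NAT_TABLE.get(addr, addr)


def normalize(events):
    """NAT-resolve every event so records captured outside and inside the NAT
    device refer to the same host (the slide's 'dynamically NAT resolved')."""
    return [dict(e, src=resolve_nat(e["src"]), dst=resolve_nat(e["dst"])) for e in events]


def sessionize(events):
    """Reduction: collapse events into sessions keyed by (src, dst, type)."""
    sessions = defaultdict(list)
    for e in sorted(events, key=lambda e: e["t"]):
        sessions[(e["src"], e["dst"], e["type"])].append(e)
    return dict(sessions)


def is_vulnerable(host, signature):
    """Incident validation: does scanner data say the target is exposed to this signature?"""
    return signature in VULN_DATA.get(host, set())


def correlate(events, window=600, auth_threshold=3):
    """Apply the three-step rule from slide 12: A scans X, A exploits X (counted
    only if X is vulnerable), then X makes repeated password attacks on Y.
    Returns one validated incident per (A, X, Y) chain."""
    sessions = sessionize(normalize(events))
    incidents = []
    for (a, x, sig), exploits in sessions.items():
        if sig in ("portscan", "auth-failure") or not is_vulnerable(x, sig):
            continue  # not an exploit signature, or target not exposed: drop as noise
        t_exploit = exploits[0]["t"]
        scans = [s for s in sessions.get((a, x, "portscan"), [])
                 if 0 <= t_exploit - s["t"] <= window]
        if not scans:
            continue  # step 1 (reconnaissance) missing, rule does not fire
        for (src, y, kind), auths in sessions.items():
            if src != x or kind != "auth-failure":
                continue
            after = [ev for ev in auths if 0 <= ev["t"] - t_exploit <= window]
            if len(after) >= auth_threshold:
                incidents.append({
                    "attacker": a, "target": x, "downstream": y, "signature": sig,
                    "path": [f"{a} scans {x}", f"{a} exploits {x} ({sig})",
                             f"{x} password-attacks {y}"],
                    "raw_events": len(scans) + len(exploits) + len(after),
                })
    return incidents


if __name__ == "__main__":
    sessions = sessionize(normalize(RAW_EVENTS))
    print(f"{len(RAW_EVENTS)} raw events reduced to {len(sessions)} sessions")
    for inc in correlate(RAW_EVENTS):
        print("INCIDENT:", " -> ".join(inc["path"]), f"({inc['raw_events']} raw events)")
```

Run as a script, the nine constructed events collapse to five sessions and exactly one incident is raised: the chain through 10.1.1.10. The lone scan from 198.51.100.8 and the exploit against the non-vulnerable 10.1.1.30 are reported as nothing at all, which is the "incident validation" step of slides 8 and 10; without the NAT resolution in normalize(), the firewall's scan records and the IDS's exploit record would never be joined into the same session.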

Slide 13: CS-MARS "Leveraged Mitigation"
Use control capabilities within your infrastructure:
- Layer 2/3 attack path is clearly visible
- Mitigation enforcement devices are identified
- Exact mitigation command is provided
Enforcement devices: Firewall, Router, Switch

Slide 14: CS-MARS: Compliance Reports
- Popular reports with customization and distribution options
- Queries saved as rules or reports: intuitive framework (no SQL)

Slide 15: CS-MARS: Correlation and Reduction
- Descriptive rule framework and incident details
- Significant consolidation

Slide 16: The CS-MARS Advantage: Superior Functionality, Lowest TCO
Immediate results:
- Quick install, out-of-box use, web-based HTML console
- Agentless capture, embedded Oracle®, no DBA necessary
- Supports popular network and security devices
Optimized performance and scalability:
- Rapid in-line processing: over 10,000 EPS with all features active
- High capacity RAID storage, continuous NFS archive
- Global controller supports distributed CS-MARS management

Slide 17: CS-MARS Lineup
Appliance convenience:
- Complete integrated system; no additional hardware, platform, database, or agent software to purchase, install, and maintain
- No need to determine nodes, admins, agents or other licensing
- Hardened OS, roles-based admin. and secure communications
Model:        CS-MARS 20 | CS-MARS 50 | CS-MARS 100e | CS-MARS 100 | CS-MARS 200 | CS-MARS GC
Events / sec: 500 | 1,000 | 3,000 | 5,000 | 10,000 | na
Flows / sec:  10,000 | 25,000 | 75,000 | 150,000 | 300,000 | na
RAID storage (values as listed, left to right): 120GB + 240GB 750GB 1TB + not RAID

Slide 18: CS-MARS: Effective. Efficient. Integrated.
Enterprise Threat Mitigation:
- Empowers operators to maintain network availability
- Leverages network and security infrastructure
- Reduces noise and false alarms for better response
- Streamlines investigation, compliance and management
- Identifies significant, sophisticated, rapid threats
- Delivers return on security investment





