Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now.

1 Cisco Security NOW. THIS IS THE POWER OF CISCO SECURITY. now.

2 Server and Desktop

3 Host Based Intrusion Prevention (HIPS)
Items to secure Servers and Desktops
Cisco Security Agent software (CSA)
- Behavior based, NO SIGNATURE UPDATES REQUIRED
- Zero Hour Protection
BLOCKED:
- MS Blaster (luvgate)
- Nimda
- CodeRed v1 & v2
- SQL Slammer
- SoBig
- Backdoor.IRC.RPCBot.D
Event correlation at the management console across the network to give high alert of potential WORM or VIRUS
With the addition of the PROFILER, event correlation is enhanced and custom policies generated

4 Transition From Detection to Protection: At the Endpoint…
From Signature-based to Policy-Based
- Stops new attacks that attempt malicious activity
- Policies allow “good” behavior and prevent “bad” behavior
- P2P, Instant Messaging, Custom Programs
From Multiple Products to Single Agent
- Aggregates multiple security functionality in one agent
- HIPS, Zero-day protection, Firewall and OS lockdown
From Updates to Zero-Update Protection
- Behavior-based architecture changes desktop and server paradigm

5 Cisco Security Agent (CSA): Behavioral Protection From Attacks
Diagram labels:
Target
- Rapidly Mutating
- Continual signature updates
- Inaccurate
- Most damaging
Change very slowly
Inspiration for CSA solution

6 Behavior Control Protects End Points
Diagram labels:
Network Protocol Stack, Host Operating System
Web Server, Email Client, Web Browser...
Network Shim: Inbound packets, Outbound packets
System Call Shims
File System Access, Registry Access, COM Object Access, Memory Access, Code Execution
HTTP Filtering
Protocol Attack: SMBDie, Ping of Death
Operating System Attack: Mount Shares
Application Attack: Buffer Overflow, Active Content
Corporate Security Policy

7 Cisco Security Agent Functions
System Hardening
- Syn-flood protection
- Malformed packet protection
- Restart of failed services
Resource Protection
- File access control
- Network access control
- Registry access control
- COM component access control
Control of executable content
- Protection against email worms
- Protection against automatic execution of downloaded files or ActiveX controls
Application-related
- Application run control
- Executable file version control
- Protection against code injection
- Protection of process memory
- Protection against buffer overflows
- Protection against keystroke logging
Detection
- Packet sniffers & unauthorized protocols
- Network scans
- Monitoring of OS event logs

8 Types of Behavior
Diagram labels:
Malicious Behavior: Always undesired
Policy Violations: May be undesired
Strict Control
Default Server and Desktop Policies
Default Application Policies
All Possible Types of Security Relevant Behavior
Application Specific Policies via CSA Profiler
CSA can also provide customized behavioral security for any environment

9 CSA Management Model
Diagram labels: Router, Web Browser, Administrator, Configuration data, Events
Security Administrators
- Configure the system via browser connected to CSA Management Console
- Review security events, reports, & alerts
- Modify security policies
- Can have: Configure, Deploy, Monitor roles
CSA MC
- Is required to be physically secure
- Holds the configuration and event databases (SQL Server)
- Serves to distribute agent software to end-points
- Deploys security policies to end-points
- Receives events from agents and performs correlation
- Sends alerts to administrators
Hosts or End Points Protected by CSA
- Are members of one or more groups
- Get their security policies from the CSAMC
- Send security events to the CSAMC

10 CISCO Security Agent Architecture
Diagram labels: CSA Mgmt Console, Server Agent, Server Agent, Desktop Agent, Laptop Agent, Desktop Agent, SNMP Manager, Custom Programs, Local File, Other Managers, Policy Updates, Alerts, Web Browser Management, Configuration, Reports, Events
- Platforms: WinNT, Win2K, WinXP and Solaris 8 64bit
- Agents enforce policy locally, connected or not
- All communications HTTP and SSL

11 CSA Correlation Capabilities
Diagram labels: Management Server, Agent
Correlation on Manager
- Higher accuracy
- Fewer “False Negative” events
- Example: Distributed “Ping Scans”, Network Worm propagation
Correlation on Agent
- Higher accuracy
- Fewer “False Positive” events
- Example: Trojan Horse detection, Network Worm propagation, automatic application recognition
CSA offers unique agent and management level correlation

12 CSA Market-Leadership Validation

13 CISCO Security Agent v4.0 – July 2003
- Integration with Cisco Works VMS 2.2 – Co-resident installation; SecMon integration
- Additional Web server protection features – HTTP filtering; Connection Rate Limiting
- End-point integrity enforcement – Are You There integration with Cisco VPN client 4.0
- Augmenting the security of CISCO infrastructure – CSA policies for VMS and CISCO Call Manager

14 The Value of Prevention
"We estimated three classes of users, from data input to managerial functions, and assigned a population to each. After totaling the server downtime, the amount of time lost for employees and the hourly rate for each group, we came up with a staggering $98,306 for the incident."
Network Computing Magazine, October 2002

15 The Value of Patch Relief
CSA enables more cost effective patch management (providing relief from today’s reactive approach):
- Vulnerable hosts have protection in the face of new attacks
- Customer may wait for ‘roll-ups’ and Service Packs, which come better qualified from vendor
- Testing and implementation of updates can be scheduled without undue change control interruption
CSA enables fewer updates to endpoints in a proactive and scheduled fashion …..which means a lower TCO per server
"And Digex, a provider of managed Web and application hosting services, calculates the annual cost of manually managing patch deployment to be about $14,400 per server."
CSO Magazine, August 2003
“IT managers spend two hours per server to test and deploy a patch, which leads research firm Gartner to estimate that it can cost a company with 1,000 servers about $300,000 for each patch.”
Information Week, Attacks Averted, Feb 3, 2003

16 CISCO Security Agent Summary
CSA’s behavior based technology enables:
– Lower Total Cost of Ownership
  - Single agent for Desktops and Servers
  - Provides multiple security solutions (Firewall + IDS + Malicious Mobile Code + OS Hardening + File Integrity)
  - Removal of the signature management burden
  - Huge reduction in alerts and false positives
  - Correlation on the Agent and Management Console
  - Intrusion Prevention not detection

17 CISCO Security Agent Summary
CSA’s behavior based technology enables:
– You get to enforce your Corporate Security Policies
– You get to control the Patch process
– Data Theft Policy protects Intellectual Property
– Protection in the face of new and unknown threats
