Cisco Data Loss Prevention: Solutions for Preventing Data Loss via Email and Web. Stephan Meier, smeier@cisco.com, November 2013. 2010 Cisco and/or its affiliates. All rights reserved.
Email Security / Web Security
[Figure: email threats, past and today. Axis labels: High Volume / Low $ Value; Low Volume / High $ Value. Threat labels: Phishing, Attachment-based, Custom URL, Targeted Phishing, Spam, Image Spam, Virus Outbreaks. Recipients shown: Sally, Joe, Bill, Beth, CFO, CEO.]
Real costs from insider threats and unenforced security policies. The consequences of a single security incident can be severe, and the costs can run into the millions. Statutory data protection rules can make the consequences of unimplemented email policies very costly. Email is the most important path for threats and data loss. [Figure: inbound and outbound email. Labels: Spam, Malware, Data & Content, Email, Resources & Data; locations: Corporate Office, Home Office, Coffee Shop, Airport, Mobile User.]
TARGET: Technology IP. Paul Roberts, Engineering Manager, Global Technology, Co. Born: Bethesda, Maryland, 1960. Married with 2 children. Residence: Morgan Hill. Favorite football team: Baltimore Ravens. Previous company: Verizon. Targeted attacks quadrupled over the past year.
Paul Roberts, Engineering Manager, Global Technology, Co. Born: Bethesda, Maryland, 1960. Married with 2 children. Residence: Morgan Hill. Favorite football team: Baltimore Ravens. Previous company: Verizon. Sample email (Friend, paul@email.com), "Request for Review": "Paul, I forward my thesis to you for review. Please open it and provide comments. www.personal Site.com/Thesis_Draft.pdf Hope all is well since Verizon. Best regards, Friend"
Leading Email Protection Solutions. Gartner 2012 Magic Quadrant Leader. Cisco Email Security protects 50% of the Fortune 1000, more than 20% of the world's largest companies, and the 10 largest service providers. Inbound and outbound. CLOUD: dedicated cloud infrastructure; cloud capacity and availability guaranteed. EMAIL SECURITY FAMILY OF PRODUCTS: DLP and encryption; targeted attack / APT defense with Cisco SIO; anti-malware / antivirus; outbreak filter; mobile smartphone email encryption; anti-spam; defense against emerging IPv6 threats. APPLIANCES: appropriately sized for deployment in your own environment; easy to operate.
Use of Cisco Security Intelligence Operations: zero-day protection mechanisms. 35% of worldwide email traffic; 75 TB of web data daily; 13 billion web requests; 1.6 million devices deployed; more than 150 million endpoints. [Figure labels: Email, Data & Content, Spam, Malware, Reputation Filters, Malware Scanning, Outbreak Filters, Blocked. Deployment type: Appliance, Cloud, Virtual.]
AsyncOS MTA Platform. Inbound: Reputation Filtering, Anti-Spam, Anti-Virus, Virus Outbreak Filters. Outbound: Encryption, Remediation, DLP, Content Filter.
Cisco Email Security blocks with reputation, malware, and outbreak filters. Reputation Filters: block 90% of spam. Malware Scans. >99% catch rate, < 1/1M false positives. Outbreak Filters.
Before: http://www.threatlink.com/ After: http://secure-web.cisco.com/auth=x&url=www.threatlink.com Sample email (Friend, paul@email.com), "Request for Review": "Paul, I forward my thesis to you for review. Please open it and provide comments. www.personal Site.com/Thesis_Draft.pdf Hope all's well since Verizon. Best regards, Friend"
7 M updates per day; 1Tb threat telemetry. Identified: Targeted Attack. Content: Malware Payload. Vector: Email. Action: Blocked. Sample email (Friend, paul@email.com), "Request for Review": "Paul, I forward my thesis to you for review. Please open it and provide comments. www.personal Site.com/Thesis_Draft.pdf Hope all's well since Verizon. Best regards, Friend"
AsyncOS MTA Platform. Inbound: Reputation Filtering, Anti-Spam, Anti-Virus, Virus Outbreak Filters. Outbound: Encryption, Remediation, DLP, Content Filter.
Simple Policy Enforcement: simple setup; effective conditions and actions; blocks attachments; enforces compliance; user-specific rules; customizable notification templates; predefined policies and lexicon for common regulations.
Part of a comprehensive DLP solution with RSA. Simple and accurate. [Figure labels: Email Security; Data Loss Prevention; Policies; Incidents; Email Uptime; Threat Prevention; Policy Enforcement; Risk Policy Definition; Incident Management; Compliance.]
Complete context analysis: accurate, comprehensive, integrated. Sample message (jsmith@acme.com, "Prescription for J Smith"): "We need to fax the following prescription information for Roger McMillan. FEXOFENANDINE (ALLEGRA) 180 MG TABLET. Dosage: Take 1 tablet by mouth daily. Prescribed by Dr. Joseph A. Kennedy, MD on 7/22/10. Please deliver to pharmacy stat. SSN: 331075839. Name: Roger McMillan. Medical Record: 06135443. Primary Care Provider: Blue Cross Blue Shield CA. Clinic: Stanford Hospital. Address: 177 Bovet Road San Mateo, CA 94402." Callouts on the message: proper name detection; SSN numbers; matches are found in close proximity; rule is matched multiple times to increase score; unique rule matches are met.
Graduated remediation options. Action options: deliver, quarantine, drop, or encrypt. Modify: add a disclaimer, modify the subject. Inform others: copy the admin or supervisor. Notification: sender or recipient receives a customized message.
Encryption on smartphones too. Send and open secure emails. For iPhone and Android. CRES (Cisco Registered Envelope Service). [Figure labels: Encrypting the email; Username; Password; Supervisor; Employee.]
Email Security / Web Security
Simplified deployment and management. Consistent policy and security for all users. Single-box solution for simple operation; can use the Cisco AnyConnect client; integrates easily into existing Cisco infrastructure. [Figure: traditional web proxy appliances (Internet, Firewall, 1 Malware Engine, URL Filtering, Policy Management, Reporting, Users) compared with the Cisco Web Security Appliance (Internet, Firewall, Web Proxy, Multiple Malware Engines, URL Filtering, AVC, Web Reputation, SIO Updates, Layer 4 Traffic Monitoring, SIEM/DLP/SOCKS/FTP, Policy Management, Reporting, Users).]
Every click, every object. The end user requests a web site. Layer 4 Traffic Monitor: monitors ports and phone-home activity. Reputation Analysis: a web reputation score is applied to the site or sub-sites. URL and Threat Outbreak Filters: filters content according to policy and analyzes web elements such as files, links, iframes, etc. Multi-Engine Anti-Malware: multiple AV/AM engines provide real-time malware inspection. Continuous monitoring prevents data loss and protects against dynamic threats.
Cisco SIO: providing protection against new threats. 80+ Ph.D.s, CCIE, CISSP, MSCE; 24x7x365 operations; 40+ languages; 600+ engineers, technicians and researchers; $100M+ spent in dynamic research and development. Zero-day detection; reputation-based protection; consistent enforcement. Visibility: 1.6M global sensors; 75TB data received per day; 150M+ deployed endpoints; 35% worldwide email traffic; 13B web requests. Control: 3 to 5 minute updates; 5,500+ IPS signatures produced; 8M+ rules per day; 200+ parameters tracked; 70+ publications produced. [Figure labels: WWW, Email, Devices, Web, CWS, IPS, AnyConnect, Networks, Endpoints, Information, Actions, ESA, ASA, WSA.]
Applications: visibility and control. Broad classification of all traffic: 1,000+ applications. MicroApp Engine: detailed classification of selected traffic, 75,000+ MicroApps. Application behavior: granular control of application and user behavior.
Complete context, plus threat awareness. [Figure labels: Cisco SIO; www.facebook.com.]
Enterprise DLP Integration. [Figure labels: CWS (Cloud); WSA (On-Premises); Hotmail; WSA; DLP Vendor Box.]
Option: Firewall Integrated (ASA + AVC/WSE) | Cloud (Cloud Web Security) | Appliance, Physical and Virtual (Web Security Appliance)
Web/URL Filtering: marked in all three columns
Application Visibility and Control (AVC): Ports (all), Protocols (all) | Ports (80, 443), Protocols (HTTP(S)) | Ports (21, 80, 443), Protocols (HTTP(S), FTP)
Malware Protection: URL/IP reputation filtering | URL/IP reputation filtering plus multiple scanners for malware | URL/IP reputation filtering plus multiple scanners for malware
Remote User Security: VPN backhaul | Direct to cloud | VPN backhaul
Deployment: On the firewall | Redirect to cloud via Cisco ASA, ISR, WSA, AnyConnect | On-premises redirect
Policy and Reporting: On premises | In the cloud | On premises
Licensing/Subscription: Based on ASA model, 1Y / 3Y / 5Y | Based on user count, 1Y / 3Y / 5Y | Based on user count, 1Y / 3Y / 5Y
Thank you.