Chip Sharp
chsharp@cisco.com
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Evolution of Threat Landscape

[Chart. Axes: LOW Volume to HIGH Volume; LOW $ VALUE to HIGH $ VALUE; PAST to TODAY. Labels: MASS EMAIL ADOPTION; SPAM; VIRUS OUTBREAKS; Network Evasions; Polymorphic Code; CFO CEO PHISHING; Worms; APTs; Covert, Sponsored Targeted Attacks; Botnets; Code Red; Aurora; Conficker; Attachment-based; Image Spam; Slammer; IPv6-based; Custom URL; Targeted Phishing]

Evolution of Outbound Protection

[Chart. Axes: LOW Volume to HIGH Volume; LOW $ IMPACT to HIGH $ IMPACT. Labels: Intellectual Property; Quarantine; Filter; Encrypt Everything; DLP; Data Classification; TLS; Brand; HIPAA; PCI; Social Security Numbers; COMPLIANCE; CUSTOMER ASSETS; Identity Aware]

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public

Securing Email for the Evolving Workforce

PAST: YESTERDAY'S EMAIL USER
• Checked email only from company issued workstations
• Text with attachment
• Always accessed email from behind the corporate firewall

TODAY: THE ANYTIME, ANYWHERE TODAY'S EMAIL USER
• Checks email from multiple devices
• Expects email access anytime, anywhere
• Global
• Blends work and play
• Believes IT is ultimately responsible for security
• Rich HTML email
• Will violate IT policies to get the job done
• Relies heavily on Social Media

• 7 billion mobile devices worldwide by 2015
• 1 in 3 employees uses at least 3 devices for work

Cisco Email Security Architecture

Management
Threat Defense: Antispam; Antivirus and Virus Outbreak Filter
Data Security: Data Loss Prevention; Encryption

Cisco SIO: cloud-based global threat intelligence

• 24x7x365 OPERATIONS
• 600+ ENGINEERS, TECHNICIANS AND RESEARCHERS
• $100M+ SPENT IN DYNAMIC RESEARCH AND DEVELOPMENT
• 40+ LANGUAGES
• 80+ PH.D.S, CCIE, CISSP, MSCE
• 1.6M GLOBAL SENSORS
• 75TB DATA RECEIVED PER DAY
• 35% WORLDWIDE EMAIL TRAFFIC
• 13B WEB REQUESTS
• 3 to 5 MINUTE UPDATES
• 5,500+ IPS SIGNATURES PRODUCED
• 150M+ DEPLOYED ENDPOINTS
• 8M+ RULES PER DAY
• 200+ PARAMETERS TRACKED
• 70+ PUBLICATIONS PRODUCED

[Diagram labels: Visibility; Control; Information; Devices; Actions; Email; Web; IPS; Networks; Endpoints; ESA; ASA; WSA; ScanSafe; AnyConnect]

• 35% of the world's email traffic
• 75 TB of web data per day
• 13 billion web requests
• 1.6 million deployed devices
• More than 150 million endpoints

[Diagram labels: Email; Data & Content; Reputation Filters; Malware Scanning; Outbreak Filters; Spam; Malware; Blocked. Deployment Type: APPLIANCE; CLOUD; VIRTUAL]

TARGET

Paul Roberts
Engineering Manager, Global Technology, Co.
Born: Bethesda, Maryland, 1960
Married with 2 children
Residence: Morgan Hill
Favorite football team: Baltimore Ravens
Previous company: Verizon

Technology Intellectual Property

Targeted Attacks have quadrupled in the last year.

Friend
paul@email.com
Request for Review

Paul,
I forward my thesis to you for review. Please open it and provide comments.
www.Personal Site.com/Thesis_Draft.pdf
Hope all is well since Verizon.
Best regards,
Friend

Cisco Email Security blocks with reputation, malware and outbreak filters

[Diagram. Stages: Reputation Filters; Malware Scans; Outbreak Filters. Figures: >99% Catch Rate; Block 90% of Spam; < 1/1M False Positives]

Before: http://www.threatlink.com/
After: http://secure-web.cisco.com/auth=X&URL=www.threatlink.com

• 7 M Updates per Day
• 1Tb Threat Telemetry

Identified: Targeted Attack
Content: Malware Payload
Vector: Email
Action: Blocked

http://secure-web.cisco.com…
Malware Payload Blocked

Cisco Security
The requested web page has been blocked
http://www.threatlink.com
Cisco Email and Web Security protects your organization's network from malicious software. Malware is designed to look like a legitimate email or website which accesses your computer, hides itself in your system, and damages files.

Summary
• Email threats have evolved beyond blanket attacks
• Targeted attacks and new vulnerabilities introduced by BYOD
• Inbound Defense – Outbreak Filters, Leveraging SIO, Anti-Malware, Anti-Virus, Anti-Spam