Cisco Data Loss Prevention
Solutions for preventing data loss via email and web
Stephan Meier [email protected]
November 2013
© 2010 Cisco and/or its affiliates. All rights reserved.

Agenda
• Email Security
• Web Security

[Figure: email threats, PAST vs. TODAY. Axes: low volume to high volume, high $ value to low $ value. Labels: Phishing, Attachment-based Spam, Custom URL, Targeted Phishing, Image Spam, Virus Outbreaks. Recipients shown: Sally, Joe, Bill, Beth, CFO, CEO.]

Real costs from insider threats and uncontrolled security policies
• The consequences of a single security incident can be severe, and the costs can run into the millions.
• Statutory data protection rules can make the consequences of unenforced email policies very costly.
[Figure: inbound spam and malware and outbound data & content over email. Locations: Corporate Office, Home Office, Coffee Shop, Airport, Mobile User, Data & Resources.]
Email is the most important path for threats and data loss.

Paul Roberts, Engineering Manager, Global Technology, Co.
TARGET Technology IP
Born: Bethesda, Maryland, 1960
Married with 2 children
Residence: Morgan Hill
Favorite football team: Baltimore Ravens
Previous company: Verizon
Targeted attacks have quadrupled in the past year.

Friend [email protected]
Request for Review
Paul,
I forward my thesis to you for review. Please open it and provide comments.
www.Personal Site.com/Thesis_Draft.pdf
Hope all is well since Verizon.
Best regards,
Friend

Gartner 2012 Magic Quadrant Leader
Leading email protection solutions
Cisco Email Security protects 50% of the Fortune 1000, more than 20% of the world's largest companies and the 10 largest service providers.
EMAIL SECURITY FAMILY OF PRODUCTS
• Inbound and outbound
• DLP and encryption
• Targeted attack / APT
• Defense with Cisco SIO
• Anti-malware / antivirus
• Outbreak filters
• Mobile smartphone email encryption
• Anti-spam
• Defense against emerging threats
• IPv6
CLOUD
• Dedicated cloud infrastructure
• Cloud capacity and availability guaranteed
APPLIANCES
• Sized appropriately for deployment in your own environment
• Easy to operate

Using Cisco Security Intelligence Operations: zero-day protection mechanisms
• 35% of worldwide email traffic
• 75 TB of web data daily
• 13 billion web requests
• 1.6 million devices deployed
• More than 150 million endpoints
[Figure: email passes through Reputation Filters, Malware Scanning and Outbreak Filters; spam and malware are blocked. Deployment type: appliance, cloud, virtual.]

[Figure: AsyncOS™ MTA Platform. Inbound: Reputation Filtering, Anti-Spam, Anti-Virus, Virus Outbreak Filters. Outbound: Encryption, Remediation, DLP, Content Filter.]

Cisco Email Security blocks with reputation, malware and outbreak filters
[Figure: Reputation Filters, Malware Scans, Outbreak Filters]
• >99% catch rate
• Block 90% of spam
• < 1/1M false positives

URL rewriting in the "Request for Review" email shown above
Before: http://www.threatlink.com/
After: http://secure-web.cisco.com/auth=X&URL=www.threatlink.com

7 M updates per day, 1Tb threat telemetry
Verdict for the "Request for Review" email shown above:
• Identified: Targeted Attack
• Content: Malware Payload
• Vector: Email
• Action: Blocked

Simple policy enforcement
• Simple setup
• Effective conditions and actions: blocks attachments, enforces compliance, user-specific rules
• Customizable notification templates
• Predefined policies and lexicon for common regulations

Part of a comprehensive DLP solution with RSA: simple and accurate
Email Security
• Email Uptime
• Threat Prevention
• Policy Enforcement
Data Loss Prevention
• Risk Policy Definition
• Incident Management
• Compliance
[Figure: Policies and Incidents are exchanged between Email Security and Data Loss Prevention.]

Complete context analysis: accurate, comprehensive, integrated
Sample message, with the slide's annotations in brackets:
[email protected]
Prescription for J Smith
We need to fax the following prescription information for Roger McMillan [Proper name detection]
FEXOFENANDINE (ALLEGRA) 180 MG TABLET
Dosage: Take 1 tablet by mouth daily
Prescribed by Dr. Joseph A. Kennedy, MD on 7/22/10
Please deliver to pharmacy stat.
==============================================
SSN: 331075839 [SSN Numbers]
Name: Roger McMillan
Medical Record: 06135443
Primary Care Provider: Blue Cross Blue Shield CA
Clinic: Stanford Hospital
Address: 177 Bovet Road San Mateo, CA 94402
Annotations:
• Matches are found in close proximity
• Rule is matched multiple times to increase score
• Unique rule matches are met

Graduated options for actions
• Options for actions: deliver, quarantine, drop or encrypt
• Modify: add a disclaimer, modify the subject
• Inform others: copy the admin or a supervisor
• Notification: sender or recipient receives an individual message

Encryption on smartphones as well: send and open secure emails
For iPhone and Android
CRES (Cisco Registered Envelope Service)
[Figure: encrypting the email; username and password prompt; supervisor and employee.]

Simplified deployment and management
• Consistent policy and security for all users
• Single-box solution for simple operation
• Can use the Cisco AnyConnect™ client
• Integrates easily into existing Cisco® infrastructure
[Figure: Traditional Appliances compared with the Cisco Web Security Appliance. Labels: Internet, Firewall, Web Proxy, Multiple Malware Engines, 1 Malware Engine, URL Filtering, AVC, Web Reputation, Policy Management, SIO Updates, Layer 4 Traffic Monitoring, SIEM/DLP/SOCKS/FTP, Reporting, Users.]

Every click, every object
End user requests a web site.
• Layer 4 Traffic Monitor: monitors ports and "phone home" activity
• Reputation Analysis: a web reputation score is applied to the site or sub-sites
• URL and Threat Outbreak Filters: filter content according to policy and analyze web elements such as files, links, iframes, etc.
• Multi-Engine Anti-Malware: multiple AV/AM engines provide real-time malware inspection
Continuous monitoring prevents data loss and protects against dynamic threats.

Protection against new threats: Cisco SIO
• 80+ Ph.D.s, CCIE, CISSP, MSCE
• 24x7x365 operations
• 40+ languages
• 600+ engineers, technicians and researchers
• $100M+ spent in dynamic research and development
Visibility
• 1.6M global sensors
• 75TB data received per day
• 150M+ deployed endpoints
• 35% worldwide email traffic
• 13B web requests
Control
• 3 to 5 minute updates
• 5,500+ IPS signatures produced
• 8M+ rules per day
• 200+ parameters tracked
• 70+ publications produced
Zero-day detection, reputation-based protection, consistent enforcement.
[Figure labels: WWW, Email, Devices, Web, CWS, IPS, AnyConnect, Networks, Endpoints, Information, Actions, ESA, ASA, WSA.]

Applications: visibility and control
• Breadth: classification of all traffic, 1,000+ applications
• MicroApp Engine: detailed classification of selected traffic, 75,000+ MicroApps
• Application behavior: granular control of application and user behavior

Full context, plus threat awareness
[Figure: Cisco SIO; browser request to www.facebook.com.]

Enterprise DLP integration
[Figure labels: CWS, Cloud, Hotmail, On-Premises WSA, DLP Vendor Box.]

Comparison of web security deployment options
Feature | Firewall Integrated (ASA + AVC/WSE) | Cloud (Cloud Web Security) | Appliance, Physical and Virtual (Web Security Appliance)
Web/URL Filtering | ✓ | ✓ | ✓
Application Visibility and Control (AVC) | Ports (all), Protocols (all) | Ports (80, 443), Protocols (HTTP(S)) | Ports (21, 80, 443), Protocols (HTTP(S), FTP)
Malware Protection | URL/IP reputation filtering | URL/IP reputation filtering plus multiple scanners for malware | URL/IP reputation filtering plus multiple scanners for malware
Remote User Security | VPN backhaul | Direct to cloud | VPN backhaul
Deployment | On the firewall | Redirect to cloud via Cisco® ASA, ISR, WSA, AnyConnect™ | On-premises redirect
Policy and Reporting | On premises | In the cloud | On premises
Licensing/Subscription | Based on ASA model, 1Y / 3Y / 5Y | Based on user count, 1Y / 3Y / 5Y | Based on user count, 1Y / 3Y / 5Y

Thank you.