Critical infrastructure, business apps, workplace desktops
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3
The way we work has changed
Internet
Critical infrastructure: Amazon, Rackspace, Windows Azure, etc.
Business apps: Salesforce, Office 365, G Suite, etc.
Users and apps have adopted the cloud, security must too
49% of the workforce is mobile
82% admit to not using the VPN
70% increase in SaaS usage
70% of branch offices have DIA
Security controls must shift to the cloud
Introducing Cisco Umbrella
Cisco Umbrella
Cloud security platform
Built into the foundation of the internet
Intelligence to see attacks before launched
Malware, C2 Callbacks, Phishing
Where does Umbrella fit?
Malware
C2 Callbacks
Phishing
Benefits
It all starts with DNS
Built into foundation of the internet
Intelligent proxy
Requests for “risky” domains
File inspection
AV Engines
Cisco AMP
Prevents connections before and during the attack
Malware doesn’t just happen
Intelligence to see attacks before launched
[Figure: ATTACK 1 and ATTACK 2; labels: ransomware web server, malware web server, email delivery domain/IP, malvertising domain/IP]
Our view of the internet
150B requests per day
90M daily active users
15K enterprise customers
160+ countries worldwide
Intelligence to see attacks before launched
Data
Cisco Talos feed of malicious domains
Umbrella DNS data: 150B requests per day
Security researchers
Industry renowned researchers
Build models that can automatically classify and score domains and IPs
Models
Dozens of models continuously analyze millions of live events per second
Automatically uncover malware, ransomware, and other threats
Our efficacy
3M+ daily new domain names
60K+ daily malicious destinations
7M+ malicious destinations while resolving DNS
Visibility and protection for all activity, anywhere
Umbrella
HQ
Branch
Roaming laptops
Roaming
Every port and protocol
IDENTITY REPORTS
Local vs. global trends
for malicious domains
DESTINATION REPORTS
Quickly assess
extent of exposure
Umbrella App Discovery and Blocking
Solve the three biggest challenges related to shadow IT
Visibility
Optimization
and blocking
Integrations to amplify existing security
Block malicious domains from partner or custom systems
What sets Umbrella apart from competitors
Fastest and most reliable cloud infrastructure
Ransomware example
Ransomware: mapping attacker infrastructure
[Figure: association pivots in Umbrella starting from *.7asel7[.]top (LOCKY): Domain → IP, Network → IP, IP → Sample, IP → Domain, IP → Network, WHOIS]
*.7asel7[.]top LOCKY
Threat detected same day domain was registered.
Network → Domain Association
Threat detected before domain was registered.
Visualizing attacker infrastructure
AS197569
91.223.89.201
Package Umbrella and Investigate
Cisco Umbrella
Cisco Investigate
Product demo
Cisco Cloud Security
Easiest security product you’ll ever deploy
Umbrella: Start blocking in minutes
1. Signup
2. Point your DNS
3. Done
Conclusions
What’s Cisco Umbrella?
What’s Cisco Investigate?