Cisco connect winnipeg 2018 accelerating incident response in organizations of any size
- 1. © 2016 Cisco and/or its affiliates. All rights reserved.
Accelerating Incident
Response in organizations
of Any Size
April, 2018
Sean Earhard
Advanced Threat Solution Specialist
Jean-Paul Kerouanton
Advanced Threat Solution CSE
- 2.
9:36AM
- 3.
How does your current security
infrastructure help you respond to
incidents?
- 4.
Antivirus vendors pumping out update after update after update after update…
Firewall, web filter, email filter
Antivirus server consoles pumping out alert after alert after alert after alert…
- 5.
Typical Incident Response workflow
- 6.
Workflow stages (labels from the slide diagram): Alerts, Block, Investigate incidents, Recover, Improve defense, Reduce the attack surface, Security architecture
- 7.
What we will show today
- 9.
Architecture diagram (labels): Email Security, ThreatGrid, Umbrella SIG, Cisco ISE, NextGen Firewall, AMP for Endpoints, AMP (repeated across the diagram), Umbrella Investigate, Cisco Talos
- 10.
Architecture diagram (labels): Cisco ISE, NextGen Firewall, Email Security, AMP for Endpoints, ThreatGrid, Umbrella SIG, AMP (repeated across the diagram), Umbrella Investigate, Cisco Talos
30+ day recorded history = accelerated IR
Continuous analysis of that recorded history = automated hunting
- 11.
Diagram labels: Cognitive Threat Analytics, Email, Web, Firewall, Meraki, Umbrella, ThreatGrid, Blocking, AMP Endpoint, AMP
- 12.
Today’s IR scenarios
- 13.
Want to try it out yourself?