Targeted Threat Defense for Hosted Applications
Dave Jones
davej@cisco.com
June, 2015
2© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Why are we here?

Why am I here?

Why are we here?
Was looking like this:

Ask Dave
5% of SysAdmin accounts or their laptops may be compromised at any moment

http://www.securityweek.com/research-finds-1-percent-online-ads-malicious
1% of 600K ad sites surveyed are hosting malware

Top 10 varieties of threat actions over time
Source: 2014 Verizon Data Breach Investigation Report

By the numbers
Source: Verizon 2015 DBIR

Source: Verizon 2015 DBIR

99.9% OF THE EXPLOITED VULNERABILITIES WERE COMPROMISED MORE THAN A YEAR AFTER THE CVE WAS PUBLISHED
Source: Verizon 2015 DBIR

Nation State Run Book

DataCenter Infestation & Lateral Movement
1.  User desktop infected, WCE or Mimikatz is started
2.  Privileged user or Application logs in - WCE hijacks credentials
3.  Rootkit remotely installed on server in datacenter
4.  Super user performs task on datacenter server, malware hijacks credentials
5.  Malware spreads throughout datacenter
Malware details
•  Targeting older software (Flash, Word, Acrobat Reader, Java)
•  Malware customized to avoid AV signatures
•  The higher they get, the more unique the malware

DataCenter Infestation - Remediation
1.  Super user logs in with SmartCard and has scoped access to other hosts
2.  Malware not propagated throughout data center
3.  Prevent privileged user or Application from logging into desktop.
4.  Privileged user instead logs into administrator station.
5.  Malware is not spread to data center
6.  Upgrade Applications and Operating System baseline and Train Users
7.  Initial attack fails

Controls

Secure Administration Controls
[Diagram labels: Security Control Point; Production Resources; Administration End point]

Monitoring and Detection
•  Sandbox Detonation
•  pDNS
•  NetFlow
•  Host-based IPS/IDS on low value computers
•  Windows Event Logs
•  Log all of these to the same place so they can be correlated

Control Use Cases

Blocking Lateral movement
Scoped Access with GPOs

Security Configuration Management
With Windows Event logs and App Locker
•  Registry keys created or modified
•  Services running where file is outside of system32
•  Executable executed
•  Accounts trying to log into hosts that they are not authorized to log into
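
The four event classes listed on this slide, written as triage rules over Windows event records collected in one place so they can be correlated per host. This is an added example, not code from the deck or from Cisco. The account and host names, the scoped-access policy, the registry watchlist, the normalized record layout and the C:\Windows install path are assumptions, and the sample events are constructed.

```python
import ntpath
from collections import defaultdict

# Hypothetical scoped-access policy: hosts each privileged account may log on to.
SCOPED_ACCESS = {
    "adm-jdoe": {"ADMIN-STN-01", "DC-APP-01"},
    "svc-deploy": {"DC-APP-01", "DC-APP-02"},
}
# Assumed watchlist of registry locations worth alerting on (lower-case substrings).
REGISTRY_WATCH = (r"\currentversion\run", r"\currentcontrolset\services")
SYSTEM32 = r"c:\windows\system32"   # assumes Windows is installed in C:\Windows
APPLOCKER = "Microsoft-Windows-AppLocker/EXE and DLL"


def service_exe(image_path):
    """Resolve a service ImagePath to a normalized, lower-case executable path."""
    p = image_path.strip()
    if p.startswith('"'):                      # quoted: arguments follow the closing quote
        p = p[1:].split('"', 1)[0]
    else:                                      # unquoted: cut after the first extension
        low = p.lower()
        cuts = [low.find(e + " ") + len(e) for e in (".exe", ".sys", ".dll") if e + " " in low]
        if cuts:
            p = p[:min(cuts)]
    if p.startswith("\\??\\"):                 # NT object-manager prefix
        p = p[4:]
    low = p.lower()
    for prefix in ("%systemroot%", "%windir%", "\\systemroot"):
        if low.startswith(prefix):
            p = "c:\\windows" + p[len(prefix):]
            break
    else:
        if low.startswith("system32\\"):       # relative form used by some drivers
            p = "c:\\windows\\" + p
    # normpath collapses "..", so System32\..\Temp is not mistaken for System32
    return ntpath.normpath(p).lower()


def in_system32(path):
    """True only for system32 itself or a path below it (directory-boundary match)."""
    return path == SYSTEM32 or path.startswith(SYSTEM32 + "\\")


def check_event(ev):
    """Return the (rule, detail) findings for one normalized event record."""
    ch, eid, d, out = ev["channel"], ev["event_id"], ev["data"], []
    if ch == "Security" and eid == 4657:             # registry value created or modified
        if any(w in d["ObjectName"].lower() for w in REGISTRY_WATCH):
            out.append(("registry-modified", d["ObjectName"]))
    elif ch == "System" and eid == 7045:             # a service was installed
        exe = service_exe(d["ImagePath"])
        if not in_system32(exe):
            out.append(("service-outside-system32", exe))
    elif ch == APPLOCKER and eid in (8003, 8004):    # AppLocker audit-only / blocked
        out.append(("applocker-audit" if eid == 8003 else "applocker-blocked", d["FilePath"]))
    elif ch == "Security" and eid in (4624, 4625):   # logon success / failure
        allowed = SCOPED_ACCESS.get(d["TargetUserName"].lower())
        if allowed is not None and ev["host"].upper() not in allowed:
            out.append(("logon-outside-scope", d["TargetUserName"]))
    return out


def triage(events):
    """Run every rule over events gathered from all hosts into one stream."""
    return [(ev["host"], rule, detail) for ev in events for rule, detail in check_event(ev)]


def correlate(findings, min_rules=2):
    """Hosts that tripped at least min_rules different rules."""
    by_host = defaultdict(set)
    for host, rule, _ in findings:
        by_host[host].add(rule)
    return {h: sorted(r) for h, r in by_host.items() if len(r) >= min_rules}


# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "DC-DB-07", "channel": "System", "event_id": 7045,
     "data": {"ImagePath": r'"C:\Windows\System32\..\Temp\updsvc.exe" -s'}},
    {"host": "DC-APP-01", "channel": "System", "event_id": 7045,
     "data": {"ImagePath": r"%SystemRoot%\System32\svchost.exe -k netsvcs"}},
    {"host": "DC-DB-07", "channel": "Security", "event_id": 4624,
     "data": {"TargetUserName": "adm-jdoe"}},
    {"host": "ADMIN-STN-01", "channel": "Security", "event_id": 4624,
     "data": {"TargetUserName": "adm-jdoe"}},
    {"host": "DC-DB-07", "channel": "Security", "event_id": 4657,
     "data": {"ObjectName": r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"}},
    {"host": "DC-APP-02", "channel": APPLOCKER, "event_id": 8004,
     "data": {"FilePath": r"%OSDRIVE%\USERS\PUBLIC\TOOL.EXE"}},
    {"host": "DC-APP-02", "channel": "Security", "event_id": 4625,
     "data": {"TargetUserName": "jsmith"}},        # not a scoped account: ignored
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
    print(correlate(triage(SAMPLE_EVENTS)))
```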

Network device product management
[Diagram labels: Only allow SSH from SCP; Programmatic Interface]

MDM product management suite
Client and Management Traffic over HTTPS
[Diagram labels: ClientApp; Admin UI; App; Replication]

Virtual Machine hosting product(s)
[Diagram labels: UCS; VMWare or OpenStack/KVM; Tenant1, Tenant2, Tenant3, TenantX; CSG Common Identity or DSX; Commodity dual; Internal Admin Token; ACLs Blocking Admin Ports; SCP; Web Server Plugin; Infra; Admin; Internal; Tenant; Partner; Authentication Mechanism]

Mail Server product management
[Diagram labels: Only allow SSH from SCP; BSDi Mail Appliances; Appliance; Mail Servers; Only allow PowerShell from Prov Box; Linux SCP]

Application to Application

Simple Application Credential Management
[Diagram labels: Application 1; Application B; Logged Sudo Access to Credential]

Remove the Credential From the Application
[Diagram labels: Get Creds; Application 1; Application B]

App to App - Target
[Diagram labels: OAuth Token request flow; Application 1; Application B; TLS Encrypted Tunnel; Machine Certificate (twice); User JanDoe; Delegated JanDoe; Encrypted Storage]

Certificate Storage
• HSM
• TPM
• USB
• Files….

Best Practice - pxGrid

Certificates
pxGrid Example

Cisco Platform Exchange Grid – pxGrid
Network-Wide Context Sharing
That Didn’t Work So Well!
pxGrid Context Sharing
Single Framework
Direct, Secured Interfaces
[Diagram: systems around the grid, each stating what it has and what it needs; SIO also appears as a label]
I have NBAR info! I need identity…
I have firewall logs! I need identity…
I have sec events! I need reputation…
I have NetFlow! I need entitlement…
I have reputation info! I need threat data…
I have MDM info! I need location…
I have app inventory info! I need posture…
I have identity & device-type! I need app inventory & vulnerability…
I have application info! I need location & auth-group…
I have threat data! I need reputation…
I have location! I need identity…
BENEFITS of pxGrid, it can…
•  Establish that secure TLS tunnel for you
•  Be leveraged as your communications bus with XMPP, including discovery of services available
•  Verify Integrity of each endpoint communicating in the Grid
•  Be used without you writing *that* code

In Action
[Diagram labels: pxGrid; Radius; 1. 802.1X; User; Session; Publish; SGT; Device; Location; Auth; User Meta Data; User Group; ISE Server; Switch; Internet; FireSIGHT Management Center; Sensor]

pxGrid – More Information
•  Development SDK and client information: https://developer.cisco.com/site/pxgrid/

Best Practice - SDN

Security Monitoring on Demand
Solution: Topology Independent Investigation
Opportunity: Deliver a scalable, topology-independent, automated means of capturing traffic and delivering it into the appropriate incident response analysis tooling, addressing:
•  East-West
•  Branch Split Tunnel
•  Inspection gap
The How: Controller Managed access layer Automated Targeted Copy and Transport to Investigation Service with Declarative Control
APIC-EM Solution:
•  Context Informed Targeting through ISE context plus network filter
•  Copy through ERSPAN
•  Topology Independence – Routable Encapsulation
•  Automation through Controller minimizing configuration risk
•  Declarative Control – ISE session awareness
APIC-DC Solution Concept:
•  Targeted - Applied to the endpoint(s) to be monitored, not to the endpoint's EPG. Push XML to activate policy label for ‘this contract’ or ‘this graph’, etc.
•  Copy – introduce copy policy for full copy of requested traffic
•  Topology Independence - Insert a service to process the copied traffic
•  Automation through APIC-DC Controller dynamically adding investigation service in path or out of band
•  APIC-DC providing Declarative Control
[Diagram labels: FireSIGHT; ISE; Application; APIC-EM; SecOps; Internet; Lab; Intranet; SCP]
Source: Ken Beck

DEVNET-1190 Targeted Threat (APT) Defense for Hosted Applications

Cisco's Open Device Programmability Strategy: Open DiscussionCisco's Open Device Programmability Strategy: Open Discussion
Cisco's Open Device Programmability Strategy: Open Discussion
 
Open Device Programmability: Hands-on Intro to RESTCONF (and a bit of NETCONF)
Open Device Programmability: Hands-on Intro to RESTCONF (and a bit of NETCONF)Open Device Programmability: Hands-on Intro to RESTCONF (and a bit of NETCONF)
Open Device Programmability: Hands-on Intro to RESTCONF (and a bit of NETCONF)
 
NETCONF & YANG Enablement of Network Devices
NETCONF & YANG Enablement of Network DevicesNETCONF & YANG Enablement of Network Devices
NETCONF & YANG Enablement of Network Devices
 
UCS Management APIs A Technical Deep Dive
UCS Management APIs A Technical Deep DiveUCS Management APIs A Technical Deep Dive
UCS Management APIs A Technical Deep Dive
 
OpenStack Enabling DevOps
OpenStack Enabling DevOpsOpenStack Enabling DevOps
OpenStack Enabling DevOps
 
NetDevOps for the Network Dude: How to get started with API's, Ansible and Py...
NetDevOps for the Network Dude: How to get started with API's, Ansible and Py...NetDevOps for the Network Dude: How to get started with API's, Ansible and Py...
NetDevOps for the Network Dude: How to get started with API's, Ansible and Py...
 
Getting Started: Developing Tropo Applications
Getting Started: Developing Tropo ApplicationsGetting Started: Developing Tropo Applications
Getting Started: Developing Tropo Applications
 
Cisco Spark & Tropo API Workshop
Cisco Spark & Tropo API WorkshopCisco Spark & Tropo API Workshop
Cisco Spark & Tropo API Workshop
 
Coding 102 REST API Basics Using Spark
Coding 102 REST API Basics Using SparkCoding 102 REST API Basics Using Spark
Coding 102 REST API Basics Using Spark
 
Cisco APIs: An Interactive Assistant for the Web2Day Developer Conference
Cisco APIs: An Interactive Assistant for the Web2Day Developer ConferenceCisco APIs: An Interactive Assistant for the Web2Day Developer Conference
Cisco APIs: An Interactive Assistant for the Web2Day Developer Conference
 
DevNet Express - Spark & Tropo API - Lisbon May 2016
DevNet Express - Spark & Tropo API - Lisbon May 2016DevNet Express - Spark & Tropo API - Lisbon May 2016
DevNet Express - Spark & Tropo API - Lisbon May 2016
 
DevNet @TAG - Spark & Tropo APIs - Milan/Rome May 2016
DevNet @TAG - Spark & Tropo APIs - Milan/Rome May 2016DevNet @TAG - Spark & Tropo APIs - Milan/Rome May 2016
DevNet @TAG - Spark & Tropo APIs - Milan/Rome May 2016
 

Último

GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 

Último (20)

GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 

DEVNET-1190 Targeted Threat (APT) Defense for Hosted Applications

  • 1. Targeted Threat Defense for Hosted Applications. Dave Jones, davej@cisco.com, June, 2015
  • 2. Why we are here?
  • 3. Why am I here?
  • 4. Why are we here? Was looking like this:
  • 5. Ask dave: 5% of SysAdmin accounts or their laptops may be compromised at any moment
  • 6. 1% of 600K ad sites surveyed are hosting malware. http://www.securityweek.com/research-finds-1-percent-online-ads-malicious
  • 7. Top 10 varieties of threat actions over time. Source: 2014 Verizon Data Breach Investigation Report
  • 8. By the numbers. Source: Verizon 2015 DBIR
  • 9. Source: Verizon 2015 DBIR
  • 10. 99.9% OF THE EXPLOITED VULNERABILITIES WERE COMPROMISED MORE THAN A YEAR AFTER THE CVE WAS PUBLISHED. Source: Verizon 2015 DBIR
  • 11. Nation State Run Book
  • 12. DataCenter Infestation & Lateral Movement
      1. User desktop infected, WCE or Mimikatz is started
      2. Privileged user or Application logs in - WCE hijacks credentials
      3. Rootkit remotely installed on server in datacenter
      4. Super user performs task on datacenter server, malware hijacks credentials
      5. Malware spreads throughout datacenter
      Malware details
      • Targeting older software (Flash, Word, Acrobat Reader, Java)
      • Malware customized to avoid AV signatures
      • Higher they get – the more unique the malware
  • 13. DataCenter Infestation - Remediation
      1. Super user logs in with SmartCard and has scoped access to other hosts
      2. Malware not propagated throughout data center
      3. Prevent privileged user or Application from logging into desktop.
      4. Privileged user instead logs into administrator station.
      5. Malware is not spread to data center
      6. Upgrade Applications and Operating System baseline and Train Users
      7. Initial attack fails
  • 14. Controls
  • 15. Secure Administration Controls: Security Control Point, Production Resources, Administration End point
  • 16. Monitoring and Detection
      • Sandbox Detonation
      • pDNS
      • NetFlow
      • Host Based IP/DS on low value computers
      • Windows Event Logs
      • Log all of these to the same place so they can be correlated
  • 17. Control Use Cases
  • 18. Blocking Lateral movement: Scoped Access with GPOs
  • 19. Security Configuration Management With Windows Event logs and App Locker
      • Registry keys created or modified
      • Services running where file is outside of system32
      • Executable executed
      • Accounts trying to log into hosts that they are not authorized to log into
  • 20. Network device product management: Only allow SSH From SCP. Programmatic Interface
  • 21. MDM product management suite: Client and Management Traffic over HTTPS. ClientApp Admin UI App Replication
  • 22. Virtual Machine hosting product(s): UCS VMWare or OpenStack/KVM Tenant1 TenantX Tenant3 Tenant2 CSG Common Identity or DSX Commodity dual Internal Admin Token ACLs Blocking Admin Ports SCP Web Server Plugin Infra Admin Internal Tenant Partner Authentication Mechanism
  • 23. Mail Server product management: Only allow SSH From SCP BSDi Mail Appliances Appliance Mail Servers Only allow PwrShell from Prov Box Linux SCP
  • 24. Application to Application
  • 25. Simple Application Credential Management: Application 1 Application B Logged Sudo Access to Credential
  • 26. Remove the Credential From the Application: Get Creds Application 1 Application B
  • 27. App to App - Target OAuthToken request flow: Application 1 Application B TLS Encrypted Tunnel Machine Certificate Machine Certificate User JanDoe Delegated JanDoe Encrypted Storage
  • 28. Certificate Storage
      • HSM
      • TPM
      • USB
      • Files….
  • 29. Best Practice - pxGrid
  • 30. Certificates pxGrid Example
  • 31. Cisco Platform Exchange Grid – pxGrid: Network-Wide Context Sharing
      That Didn’t Work So Well!
      pxGrid Context Sharing: Single Framework. Direct, Secured Interfaces
      • I have NBAR info! I need identity…
      • I have firewall logs! I need identity…
      • SIO
      • I have sec events! I need reputation…
      • I have NetFlow! I need entitlement…
      • I have reputation info! I need threat data…
      • I have MDM info! I need location…
      • I have app inventory info! I need posture…
      • I have identity & device-type! I need app inventory & vulnerability…
      • I have application info! I need location & auth-group…
      • I have threat data! I need reputation…
      • I have location! I need identity…
      BENEFITS of pxGrid, it can…
      • Establish that secure TLS tunnel for you
      • Be leveraged as your communications bus with XMPP Including discovery of services available
      • Verify Integrity of each endpoint communicating in the Grid
      • Be used without you writing *that* code
  • 32. In Action: pxGrid Radius 1.802.1X User Session Publish User SGT Device Location Auth User Meta Data User Group ISE Server Switch Internet FireSIGHT Management Center Sensor User Meta Data
  • 33. pxGrid – More Information
      • development SDK and client information. https://developer.cisco.com/site/pxgrid/
  • 34. Best Practice - SDN
  • 35. Security Monitoring on Demand. Solution: Topology Independent Investigation
      Opportunity: Deliver scalable, topology-independent, automated means of capturing traffic and delivering into the appropriate incident response analysis tooling addressing
      • East-West
      • Branch Split Tunnel
      • Inspection gap
      The How: Controller Managed access layer Automated Targeted Copy and Transport to Investigation Service with Declarative Control
      APIC-EM Solution:
      • Context Informed Targeting through ISE context plus network filter
      • Copy through ERSPAN
      • Topology Independence – Routable Encapsulation
      • Automation through Controller minimizing configuration risk
      • Declarative Control – ISE session awareness
      APIC-DC Solution Concept:
      • Targeted - Applied to the endpoint(s) wanting to monitor, not the endpoint(s) EPG. Push XML to activate policy label for ‘this contract’ or ‘this graph’, etc.
      • Copy – introduce copy policy for full copy of requested traffic
      • Topology Independence - Insert a service to process the copied traffic
      • Automation through APIC-DC Controller dynamically adding investigation service in path or out of band
      • APIC-DC providing Declarative Control
      fireSIGHT ISE Application APIC-EM SecOps Internet Lab Intranet SCP
      Source: Ken Beck SecOps
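
The detection items on slides 16, 18 and 19 (services whose file is outside system32, logons outside an account's scope, registry changes, AppLocker executable events) written as one correlation pass over events already logged to the same place. This is an added example, not code from the presentation; the scope map, host and account names and the sample events are constructed, and `C:\Windows` is assumed as the system root.

```python
import ntpath

SYSTEM_ROOT = r"c:\windows"  # assumption: default Windows install location

# Constructed scope map (assumption): hosts each privileged account may log on to,
# mirroring the scoped access the deck enforces with GPOs.
LOGON_SCOPE = {
    "svc-mail": {"MAIL01", "MAIL02"},
    "adm-jdoe": {"ADMSTATION1"},
}

# Constructed sample events. Field names follow the Windows event schemas
# (7045 service install, 4624/4625 logon, 4657 registry value modified,
# AppLocker 8003/8004); the flat dict layout is an assumption.
SAMPLE_EVENTS = [
    {"EventID": 7045, "Computer": "APP01", "ServiceName": "Spooler",
     "ImagePath": r"%SystemRoot%\System32\spoolsv.exe"},
    {"EventID": 7045, "Computer": "APP01", "ServiceName": "updsvc",
     "ImagePath": r'"C:\Users\Public\upd.exe" -k run'},
    {"EventID": 7045, "Computer": "APP02", "ServiceName": "trick",
     "ImagePath": r"C:\Windows\System32\..\Temp\x.exe"},
    {"EventID": 4624, "Computer": "ADMSTATION1", "TargetUserName": "adm-jdoe"},
    {"EventID": 4624, "Computer": "DESKTOP77", "TargetUserName": "adm-jdoe"},
    {"EventID": 4625, "Computer": "MAIL01", "TargetUserName": "adm-jdoe"},
    {"EventID": 4657, "Computer": "APP01",
     "ObjectName": r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},
    {"EventID": 8004, "Computer": "APP02", "FilePath": r"%OSDRIVE%\TEMP\x.exe"},
]


def service_binary(image_path):
    """Return the normalised, lower-cased executable path from a 7045 ImagePath."""
    p = image_path.strip()
    if not p:
        return ""
    if p.startswith('"'):
        p = p[1:].split('"', 1)[0]   # quoted path: up to the closing quote
    else:
        p = p.split(None, 1)[0]      # unquoted: first token, arguments dropped
    p = p.lower()
    for var in ("%systemroot%", "%windir%"):
        p = p.replace(var, SYSTEM_ROOT)
    if p.startswith("\\systemroot\\"):       # kernel-style prefix
        p = SYSTEM_ROOT + p[len("\\systemroot"):]
    elif p.startswith("system32\\"):         # path relative to the system root
        p = SYSTEM_ROOT + "\\" + p
    return ntpath.normpath(p)                # collapses ..\ so traversal cannot hide


def detect(events, scope=LOGON_SCOPE):
    """Return (computer, rule, detail) findings for the four slide-19 use cases."""
    # A production pipeline should also match the log channel: event IDs are
    # only unique per provider.
    findings = []
    for ev in events:
        eid, host = ev["EventID"], ev["Computer"]
        if eid == 7045:
            binary = service_binary(ev["ImagePath"])
            if not binary.startswith(SYSTEM_ROOT + "\\system32\\"):
                findings.append((host, "service-outside-system32", binary))
        elif eid in (4624, 4625):            # successful or failed logon
            user = ev["TargetUserName"].lower()
            allowed = scope.get(user)        # accounts without a scope entry are skipped
            if allowed is not None and host.upper() not in allowed:
                findings.append((host, "logon-out-of-scope", user))
        elif eid == 4657:
            findings.append((host, "registry-modified", ev["ObjectName"]))
        elif eid in (8003, 8004):            # AppLocker audit / block
            findings.append((host, "applocker-executable", ev["FilePath"]))
    return findings
```

Normalising the path before the prefix check is what catches the `System32\..\Temp` case, which a plain substring match on "system32" would pass.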