Cisco ScanSafe Web Security Information Guide
© 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Case Study
CUSTOMER PROFILE
Industry: Oil and Gas
Employees: ~15,000
Operations: Global
Security personnel: 12
Other security measures: Antivirus, Firewall,
Intrusion Detection System (IDS), Security
Information and Event Management (SIEM)
CHALLENGE
● Detect advanced threats delivered through
web-based traffic, which can evade legacy
security solutions and become embedded in
the corporate network
● Develop actionable intelligence to help
security team prioritize threats
● Identify single solution that can be deployed
across distributed environment, integrate with
existing security infrastructure, and provide
protection across entire attack continuum
SOLUTION
● Cisco CWS Premium, which includes all
features in Cisco CWS Essentials
● Cognitive Threat Analytics (CTA) and
Advanced Malware Protection (AMP) to
automate search for high-risk threats in web
traffic and provide visibility into advanced
attacks actively operating in corporate network
RESULTS
● Persistent and previously undiscovered
malware infection identified and resolved
● Threat protection now exists across the entire
attack continuum
● Customer’s security team can now focus on
addressing the most significant threats
Cisco Solution Protects Before, During, and
After Attack
Cisco Cloud Web Security Premium helps global oil and gas company discover and
resolve persistent ransomware infection.
Challenges
Content security has never been more challenging in an era where the
theft or compromise of corporate data is often the primary incentive for
an attack. According to the Cisco 2014 Annual Security Report, Cisco
researchers found that 100 percent of business networks they analyzed
had traffic going to websites that host malware.[1] They also determined
through their observation of this activity that when these networks had
been penetrated, it was likely that they had been compromised for some
time and that the core infiltration had not been detected.[2]
The following factors are making it especially difficult for security teams
to prevent and detect threats:
● Mobility and cloud, without proper security measures, are
reducing visibility and increasing security complexity. As more
organizations embrace cloud computing, virtualization, mobile
and remote working, and the bring-your-own-device (BYOD)
trend, more and more data is moving outside of enterprise
control. The network is becoming more porous, creating more
vectors for attack. And as more business-critical services are
moved to the cloud and accessed outside of the company’s
secured perimeter, the attack surface will only continue to
expand.
● Advanced adversaries, according to the Cisco 2014 Annual
Security Report, are “proactively working to understand what type
of security solutions are being deployed and shifting to less
visible, less content-detectable patterns of behavior so their
threats are well concealed.”[3] This strategy means less “low-hanging
fruit” is available for security solutions and professionals to detect,
and organizations will face “more cipher traffic, more scrambling, and
more randomization by malicious actors to make command-and-control
(C&C) behaviors indistinguishable from real traffic.”[4]
[1] Cisco 2014 Annual Security Report: http://www.cisco.com/web/offer/gist_ty2_asset/Cisco_2014_ASR.pdf
[2] Ibid.
[3] Ibid.
[4] Ibid.