Intelligent Cybersecurity for the Real World
Cisco Cybersecurity Pocket Guide ®
EME MEA A 20 201 15
Content What an Opportunity! • Security Investment is a Top Priority Why Cisco? • Cisco is the Leading Security Company • Market Recognition • Security Intelligence & Resear Research ch The Cisco Security Strategy • The Security Challenge • The Threat Threat-Centric -Centric Security Model What to Sell - Focus Products • Network Security • Advanced Malware Protection • Web- & Email-Security • Secure Access & Secure Mobility • Attach Security to Your Data Center Deals Security Channel Partner Program • Security Architectur Architecture e Specialisations • Incentives & Promotions • Demand Generation & Demo
2
© 2014 Cisco and/or its aliates. All rights reserved.
What an Opportunity! Security Investment is a Top Priority
56%
73%
51%
of organisations state
of organisations state
of organisations say
IT security is critical in meeting their top business objectives
that IT security is one of the top 5 priority areas for IT investment for the next scal year
IT security is more important than other IT initiatives
Source: Cisco Annual Security Report 2014
Security: The Critical Boardroom Topic • There is mounting concern at the senior executive and board level regarding information security. • Chief Information Security Ocers (CISOs) are challenged to push boardroom discussions into additional security investment. • Security breaches mean lost intellectual property, compromised customer information and condence, and valuation impact. • These are critical considerations as organizations become more agile and try to grow their business models in the face of the evolving trends of mobility, cloud computing, and advanced targeted attacks.
Partner Condential
3
Why Cisco? Cisco is The Leading Security Company “Based on our (Breach Detection Systems) reports, Advanced Malware Protection from Cisco should be on everyone’s short list.” “Cisco is disrupting the advanced threat defense industry.”
“So do any network security vendors understand data center and what’s needed to accommodate network security? Cisco certainly does.” 2014 Vendor Rating for Security: Positive
“… AMP will be one of the most beneficial aspects of the [Sourcefire] acquisition.”
“The AMP products will provide deeper capability to Cisco's role in providing secure services for the Internet of Everything (IoE).”
Market Recognition © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
1
Cisco is Leader in four Gartner Magic Quadrants: • Magic Quadrant for Network Access Control, Dec 2013 • Magic Quadrant for Intrusion Prevention Systems, Dec 2013 • Magic Quadrant for Secure Web Gateways, June 2014 • Magic Quadrant for Secure Email Gateways, July 2014 Cisco’s Security portfolio has been rated “Positive” in Gartner’s Vendor Rating 2014.
We licensed online versions of the Gartner reports for distribution. Ask us for the access links!
4
© 2014 Cisco and/or its aliates. All rights reserved.
Why Cisco? NSS Labs Next-Generation Firewall Reports 2014 Cisco ASA with FirePOWER Services Excels! NSS Labs conducted the most rigorous next-generation rewall testing to date. Cisco ASA with FirePOWER Services excelled when compared to other tested products. The industry’s rst, threat-focused NGFW is now also the rst in security eectiveness, according to NSS Labs reports. Next Generation Firewall (NGFW) Security Value MapTM Cisco (2)
Cisco (3)
100%
Cisco (1)
Dell SonicWALL Check Point
WatchGuard Fortinet (1) McAfee
95%
Fortinet (2)
Average Barracuda
90%
Cyberoam
85%
80%
75%
Product Legend Barracuda F800b Check Point 13500
70%
Cisco (1) FirePOWER 8350 Cisco (2) ASA 5525-X Cisco (3) ASA 5585-X SSP60 Cyberoam CR2500iNG-XP Dell SonicWALL SuperMassive E10800 Fortinet (1) FortiGate-3600C
65%
Fortinet (2) FortiGate-1500D McAfee NGF-1402 Palo Alto Networks PA-3020 WatchGuard XTM1525
Palo Alto Networks
60% e g a r e v A
$70
$60
$50
$40
$30
$20
September 2014
$10
55% $0
TCO per Protected-Mbps
Source: NSS Labs 2014 Security Value Map™
Download your copies of the reports, and share the link with your customers!
http://cisco.com/go/nssngfw2014 Partner Condential
5
Why Cisco? Cisco Talos Security Intelligence & Research Group More Than Just a Traditional Response Team The Cisco Talos Security Intelligence and Research Group is comprised of elite cybersecurity experts whose threat intelligence detects, analyses, and protects against both known and emerging threats by aggregating and analyzing Cisco’s unrivaled telemetry data of • 1.1 million incoming malware samples per day • 4.2 billion web ltering blocks per day • 1 billion sender base reputation queries per day • 100 TB of data received per day More than just a traditional response
Available 7 x 24 x 365
organization, Talos works around the clock to proactively discover, assess, and respond to the latest trends in hacking activities, intrusion attempts, malware and vulnerabilities with
new rules, signatures, le analysis and security tools to better protect Cisco customers. Talos also maintains the ocial rule sets of Snort.org, ClamAV, SenderBase.org and SpamCop.
Cisco Security Research: www.cisco.com/security/center/home.x Cisco 2014 Midyear Security Report: www.cisco.com/go/msr2014
6
© 2014 Cisco and/or its aliates. All rights reserved.
Why Cisco? Cisco is Serious about Security. We are Transforming to Harness the Opportunity.
Cisco is Transforming Our objective is to be our customers’ #1 Trusted Security Advisor • New Focus on Security: Investment and momentum in Security to create the industry’s broadest solution portfolio • New Go-To-Market Approach: Empowered, dedicated Security organisation – the Global Security Sales Organisation • New Security Partner Program: Incentives, promotions and new security specialisations for higher partner proftability
Partner Condential
7
The Cisco Security Strategy Security Challenges A combination of three major realities that exist today has made the task of defending a network more dicult than ever, while helping attackers to nd new ways to evade the defences.
Changing Business Models - The Internet of Everything will accelerate the degree of change in the years to come, making it even more dicult to defend the organisation.
Dynamic Threat Landscape - The attackers have become much more sophisticated and the attacks have moved from static to dynamic. Without near real-time discovery capabilities an organisation will be at a signicant disadvantage. Complexity and Fragmentation - Most organisations have dozens of security technologies that do not interoperate, and this is exacerbated by a signicant lack of security specialists available in the market.
8
© 2014 Cisco and/or its aliates. All rights reserved.
The Cisco Security Strategy The Attack Continuum The best way to communicate the totality of the challenge is to look at the attack continuum. There are three stages to an attack: Before, During, and After.
Attack Continuum
Network
Endpoint
Point in Time
Mobile
Virtual
Cloud
Continuous
Before an attack - Organisations need to know what they are defending. They need to know what is on their network to be able to defend it (devices, operating systems, applications, users …) During an attack – When attackers get through, the customers need to be able to detect them. Once they detect the attack, they will be able to block them and defend the environment. After the attack – Invariably, some attacks will be successful, and customers need to be able to determine the scope of the damage, remediate, and bring operations back to normal.
Partner Condential
9
The Cisco Security Strategy The Threat-Centric Security Model: An Integrated, Open, Pervasive, and Continuous Approach By taking a threat-centric and operational approach to security, organisations can reduce complexity and fragmentation, while providing superior visibility, continuous control, and advanced threat protection across the extended network and the entire attack continuum.
Consistent Control
Unmatched Visibility
Global Intelligence With the Right Context
Consistent Policies Across the Network and Data Center
Threat Protection
Detects and Stops Advanced Threats
Reduced Complexity
Fits and Adapts to Changing Business Models
Visibility-Driven - Get global intelligence and context for deeper insights and better decisions.
Threat-Focused - Detect, understand, and stop threats across the entire attack continuum Platform-Based - Reduce fragmentation by using a platform-based approach to protect the network, devices and the Cloud.
10
© 2014 Cisco and/or its aliates. All rights reserved.
The Cisco Security Strategy Only Cisco Delivers: Platform-based solutions that integrate into an overall security system.
Attack Continuum
Firewall
VPN
NGIPS
Advanced Malware Protection
NGFW
UTM
Web Security
Network Behavior Analysis
NAC + Identity Services
Email Security
Malware Sandboxing
Security Services
Context-aware Security - Including physical and virtual hosts, operating systems, applications, services, protocols, users, content and network behaviour. Continuous Security - Aggregate and correlate data from across the extended network, discriminating between active attacks and reconnaissance versus simply background noise. Retrospective Security - Detect malware that is sophisticated enough to alter its behaviour to avoid detection, and evaluate full packet capture in order to successfully remediate.
Partner Condential
11
What to Sell – Focus Products Next-Generation Network & Data Center Security Protect high-value data and data center resources with threat defence, secure virtualisation, segmentation, and policy control.
Cisco ASA 5500-X with FirePOWER Services (NGFW) • Industry’s rst threat-focused NGFW • Combines ASA rewall with Cisco Next-Generation IPS (NGIPS) and Advanced Malware Protection (AMP) • Platform series with wide range of sizes and form factors
Cisco ASA 5585-X with FirePOWER Services (NGFW) • Purpose-build security appliance for data centers • Highest performance, resiliency, and scalability through leading-edge clustering • Combines ASA rewall with Cisco Next-Generation IPS (NGIPS) and Advanced Malware Protection (AMP)
Cisco FirePOWER™ Next-Generation IPS (NGIPS) • The most advanced threat protection in the industry • Industry-leading throughput, threat detection ecacy, and low TCO • Platform series with wide range of sizes and form factors
Cisco FireSight Management Center • Centrally manages operational functions for ASA with FirePOWER Services and FirePOWER NGIPS • Automatically aggregates and correlates information • Reduces cost by streamlining operations and automating recurring analysis and management tasks
12
© 2014 Cisco and/or its aliates. All rights reserved.
What to Sell – Focus Products Next-Generation Network & Data Center Security Reduce complexity while gaining superior visibility, consistent control, and advanced threat protection across the entire attack continuum.
Cisco ASA Virtual Appliance (ASAv) • Fully integrated Application Centric Infrastructure (ACI) security • Consistent transparent security across physical, virtual, ACI, SDN, and Cloud • vSwitch support for Cisco, hybrid, and non-Cisco data centers
Cisco Virtual Next-Generation IPS for VMware • Virtualised oering of Cisco FirePOWER NGIPS solution • Reclaim visibility lost when virtualizing • Extend Payment Card Industry (PCI) compliance to virtual environments
Cisco Virtual Security Gateway • Integrates with Cisco Nexus 1000V virtual switch • Delivers security policy enforcement and visibility at a virtual machine level • Logically isolates applications in virtual data centers and multi-tenant environments • Enforces separation of duties between security and server administrators
Cisco ASA 1000V Cloud Firewall • Integrates with the Cisco Nexus 1000V virtual switch • Employs proven ASA technology • Spans and helps to secure multiple VMware ESX hosts • Enables consistency across physical, virtual, and cloud infrastructures
Partner Condential
13
What to Sell – Focus Products The Cisco ASA Refresh Opportunity in Detail Migrate from ASA 5500 End-of-Life Products Migrate to: • ASA 5500-X with FirePOWER Services products • Include Technical Support Services Key Selling Points: • Migrate to the new threat-focused NGFW that delivers multi-layered protection, improved visibility, and reduced security cost and complexity • Obtain integrated threat defence across the entire attack continuum by combining proven ASA NGFW capabilities with industry-leading Cisco NGIPS and AMP Up-Sell: • Cisco Security Migration Services • Cisco Network Device Security Assessment Services • If appropriate: Cisco ISE and ISE Assessment Services
Upgrade from ASA 5500-X without FirePOWER Services Upgrade to: • FirePOWER Services for Cisco ASA • Include Cisco FirePOWER Services Subscription for AMP and URL Filtering Key Selling Points: • Same as Migration Key Selling Points Up-Sell: • Same as Migration Up-Sell opportunities
14
© 2014 Cisco and/or its aliates. All rights reserved.
What to Sell – Focus Products The Cisco ASA Refresh Opportunity in Detail Migrate from Cisco IPS 4200 End-of-Sale Products, or from Cisco IPS 4300 and 4500 Series Migrate to: • Industry-leading Cisco FirePOWER 7000 and 8000 Series Next-Generation IPS (NGIPS) • Include Cisco FirePOWER Services Subscription for AMP and URL Filtering Key Selling Points: • Dedicated NGIPS / AMP appliance • Very high throughput (>6 Gbps transactional IPS) Up-Sell: • Cisco Security Migration Services • Cisco Network Device Security Assessment Services • If appropriate: Cisco ISE and ISE Assessment Services
Offer to Network-Centric Buyers: Convergence Cisco ASA with FirePOWER Services allows convergence of the ASA platform and Sourcere IPS, AMP, URL Filtering
Offer for Security-Centric Buyers: “Better Together” Cisco ASA 5500-X Series plus FirePOWER 7000 or 8000 Series as best-in-class solutions
Partner Condential
15
What to Sell – Focus Products Advanced Malware Protection Cisco Advanced Malware Protection provides the continuous analysis and advanced analytics that support Cisco’s Retrospective Security capabilities.
Unlike the many point-in-time solutions on the market, Cisco Advanced Malware Protection oers protection across the full attack continuum.
Point-in-time Detection: Antivirus /Sandboxing
Analysis Stops Sleep Techniques Unknown Protocols Encryption Polymorphism
Initial Disposition = Clean
Retrospective Detection: AMP
Actual Disposition = Bad Analysis Continues
Initial Disposition = Clean
Actual Disposition = Bad 1
“AMP Everywhere” - We oer the industry’s broadest portfolio of integrated Advanced Malware Protection solutions • AMP for Cisco Web Security • AMP for Cisco Cloud Web Security • AMP for Cisco Email Security • AMP for Networks • AMP for Endpoints • Integrated in ASA with FirePOWER Services
16
© 2014 Cisco and/or its aliates. All rights reserved.
What to Sell – Focus Products Web- & Email Security Cisco’s Content Security portfolio protects organisations from evolving email and web threats. Email and Web security are critical components of a holistic security strategy and represent a multibillion dollar market in Europe.
Cisco Email Security (Appliances & Cloud-based) • Fights spam, viruses, and blended threats for organisations of all sizes • Enforces compliance and protects reputation and brand assets
• Also available as Cloud-based and Hybrid solution (onsite appliance + Cloud)
Cisco Web Security (Appliances & Cloud-based) • Proactive security, application visibility, and control for all users
• Extend real-time protection and policy enforcement to remote employees • Also available as Cloud-based solution and Cloud-based integrated with Cisco rewalls
Opportunity! • Leverage AMP integration as a key competitive dierentiator (“AMP Everywhere”) • Check out www.cisco.com/go/promotions for latest Security Incentives and Promos
Partner Condential
17
What to Sell – Focus Products Secure Access & Mobility Enhance network visibility and control with identity-aware secure access solutions.
Cisco Identity Services Engine (ISE) • Security policy management platform that enforces secure access to network resources (wired, wireless, and VPN) • Accurately identies every user and device that connects to the network
Cisco Network Admission Control (NAC) • Enforces network security policies by allowing access only to trusted devices • Blocks access by noncompliant devices and limits damage from emerging threats and risks
Cisco TrustSec® • Secure network access based on rich contextual data (“who, what, where, when, how”) • Automates rewall rules and access control list administration, uses plain-language policies • Embedded in the operating systems of Cisco ISE, Catalyst and Nexus switches, Integrated Services Routers, and ASA rewalls
Cisco AnyConnect® Secure Mobility Services • Highly secure, simple, and reliable o-premise connectivity • Endpoint intelligence and context across any access method (wired, wireless, VPN ), from any device • Remote secure access to authorised applications for tablets and smartphones
18
© 2014 Cisco and/or its aliates. All rights reserved.
What to Sell – Focus Products The Avenue for Driving Incremental Pipeline: Attach Security to Data Center Opportunities Did you know that including Cisco security architectures as a component of all data center opportunities can drive an average of 41% incremental revenue on each deal? Since there are no data center designs without a security component, you will be addressing one of your data center customers’ top concerns.
Make Cisco’s tightly integrated solution portfolio one of your key competitive advantages: Dierentiate your oerings by selling an end-to-end data center solution, which reduces the complexity of working with multiple vendors and point products.
• Check out the Cisco Secure Datacenter Solutions and the Cisco Validated Designs • Check out www.cisco.com/go/promotions for latest Security Incentives and Promos
www.cisco.com/go/securedatacenter
Partner Condential
19
Partner Program Security Architecture Specialisations Cisco has re-designed the Security Specialisation program, aligning it to the new product portfolio.
Master Security Specialisation Complete Security Portfolio y t i x e l p m o C
Advanced Security Architecture Specialisation Complete Security Portfolio
Express Security Specialisations Web | Email | NG Firewall | NG IPS
SMB
Midmarket
Enterprise
Market Segment
Express Security Specialisation – A new entry point into security specialisations, allowing a partner to focus on one or several specic products (Email, Web, Next-Generation Firewall, IPS). Advanced Security Architecture Specialisation – This specialisation covers the breadth of Cisco’s Security Portfolio, and oers more advanced enablement for threat defence, secure access, Cloud and management solutions. Master Security Architecture Specialisation – This specialisation builds upon expertise attained in the Advanced Security Architecture Specialisation and enables partners to deliver value-added security solutions to their customers. www.cisco.com/go/specializations -> Security Architecture Specializations
20
© 2014 Cisco and/or its aliates. All rights reserved.
Partner Program Security Promotions & Incentives Incentive Programs & Promotions are Cisco’s commitment to Partner Protability. Increase your revenue potential with upfront discount and backend payment programs, and special promotions that have been designed to help you sell Cisco security products and solutions.
Marketing & Demand Generation The free, ready-to-use marketing campaigns are designed to showcase your partnership with us, and help you eectively market Cisco security products and solutions to your customers.
Demoing Cisco Security Solutions Cisco dCloud, the Cisco Demo Cloud, provides powerful self-service capabilities for Cisco Partners. From scripted, repeatable demonstrations to fully customized labs with complete administrative access, Cisco dCloud can work for any use case. www.cisco.com/go/promotions -> Filter Category “Security” www.cisco.com/web/partners/sell/marketing-campaigns.html dcloud.cisco.com
Partner Condential
21
Partner Program Useful Links Cisco Security Intelligence Operations tools.cisco.com/security/center/home.x
Security Community communities.cisco.com/community/technology/security
Cisco Security Blog blogs.cisco.com/security
Partner Support www.cisco.com/web/partners/support
Training & Certification www.cisco.com/web/learning
Certification Tracking cisco.pearsoncred.com
Marketing Assets Library bx.cisco.com/cbx-portal
Competitive Information www.cisco.com/web/partners/sell/competitive
22
© 2014 Cisco and/or its aliates. All rights reserved.
What Next? Build and Practice your Security Pitch • Focus on Business Challenges • Focus on The Attack Continuum • Become comfortable talking about security
Have a Security Conversation with Your Customer • Identify the Security decision makers • Open the door for a deeper dive • Engage With Your Cisco Security Team!
• Security can be a major contributor to your company’s bottom line • Security is no stand-alone technology, it is a differentiator for your portfolio • The Security market is very fragmented; Cisco provides you and your customers a One-Stop-Shop
Partner Condential
23