Cisco Cybersecurity Pocket Guide 2015

Why Security
- Security investment: A top priority
- Security: A critical boardroom topic

Why Cisco
- The industry's leading security company
- Market recognition
- Security intelligence and research

Cisco Security Strategy
- Challenges
- Threat-centric security model

What to Sell - Cisco Security Product Portfolio
- Network and data center security
- Advanced Malware Protection
- Cloud security
- Web and email security

Security Channel Partner Program
- Security Architecture Specializations
- Incentives & Promotions
- Demand Generation & Demo

Why Security?

Security Investment: A Top Priority

Figure 1: How Enterprises View IT Security
- 56% of organizations state that IT security is critical in meeting their top business objectives
- 73% of organizations state that IT security is one of the top five priorities for IT investment for the next fiscal year
Source: Cisco Annual Security Report 2014

Security Everywhere

51% of organizations say that security is more important than other IT initiatives

As much as the Digital Economy and the IoE create opportunities for companies and consumers, expected to generate $19 trillion in value to organizations over the next decade, they also create opportunities for hackers and cybercriminals. With an expanded attack surface represented by the IoE, cybercriminals look to cash in on the estimated value of $450 billion to over $1 trillion of the Hacker Economy. The most effective way to confront this dynamic threat landscape is to make security as pervasive as the Internet of Everything itself, extending to wherever employees are and wherever data is, to include Security Everywhere.
By embedding security everywhere across the extended network, security becomes an enabler for business to take full and secure advantage of opportunities presented by new digital business models and the Internet of Things (IoT) with protection across the entire attack continuum: before, during, and after an attack.

Security: A Critical Boardroom Topic

There is mounting concern at the senior executive and board level regarding information security and the risk of lost intellectual property, compromised customer information and confidence, and valuation impact. Chief information security officers (CISOs) are challenged to push boardroom discussions into additional security investment. These are critical considerations as organizations become more agile and try to grow their business models in the face of the evolving trends of mobility, cloud computing, and advanced targeted attacks.

Why Cisco?

Cisco: The Leading Security Company

Cisco is widely recognized throughout the industry as offering best-in-class solutions (Figure 2).

Figure 2: Market Recognition of Cisco Security Solutions
Cisco is a Leader in Gartner Magic Quadrants for:
- Network Access Control (December 2014)
- Intrusion Prevention Systems (December 2014)
- Secure Email Gateways (July 2015)

The Cisco security portfolio was rated positive in Gartner's 2014 Vendor Rating. For more information and security reports, visit www.cisco.com/go/security.

NSS Labs 2014 Next-Generation Firewall Report: Cisco ASA with FirePOWER Services

NSS Labs has conducted the most rigorous next-generation firewall testing to date. Cisco ASA with FirePOWER Services, the industry's first threat-focused NGFW, is now also the first in security effectiveness, according to NSS Labs reports (Figure 3).

Figure 3: Where Cisco NGFW Places in the NSS Security Value Map
Source: NSS Labs 2014 Security Value Map
Download the reports: http://cisco.com/go/nssngfw2014
Cisco Talos Security Intelligence and Research Group: More than a Traditional Response Team

The Cisco Talos Security Intelligence and Research Group is composed of elite cybersecurity experts whose threat intelligence detects, analyzes, and protects against both known and emerging threats by aggregating and analyzing Cisco's unrivaled telemetry data of:
- 1.1 million incoming malware samples per day
- 4.2 billion web-filtering blocks per day
- 1 billion SenderBase reputation queries per day
- 100 TB of data received per day

Talos also maintains the official rule sets of Snort, ClamAV, SenderBase, and SpamCop.

Cisco Security Research: www.cisco.com/go/talos
Cisco 2015 Annual Security Report: www.cisco.com/go/securityreports

The Cisco Security Strategy

Security Challenges

A combination of three major realities has made the task of defending a network more difficult than ever, while helping attackers find new ways to evade defenses (Figure 4).

Figure 4: Security Challenges (Changing Business Models; Dynamic Threat Landscape; Complexity and Fragmentation)
- 92% of top 500 Android apps carry security and/or privacy risks
- 5-10x more cloud services are being used than known by IT
- 60% of data in breaches is stolen in hours
- 54% of breaches remain undiscovered for months
- average number of security vectors in a customer's IT environment
- hard to manage
- do not interoperate
- visibility gaps
Changing business models: The Internet of Everything is accelerating change, creating new attack vectors and making it even more difficult to defend the organization. At the same time, however, the IoE opens up huge opportunities for business as long as it is secured.

Dynamic threat landscape: Attackers have become much more sophisticated and well financed, and their attacks have moved from static to dynamic, from visible to hidden. Without near real-time discovery capabilities, an organization will be at a significant disadvantage.

Complexity and fragmentation: Most organizations have dozens of security technologies that often do not interoperate, and this situation is exacerbated by a significant lack of available security specialists in the market.

The Attack Continuum

There are three stages to an attack: before, during, and after (Figure 5).

Figure 5: The Attack Continuum

Before an attack: Organizations need to know what they are defending. They need to know what is on their network (devices, operating systems, applications, users, and so on) to be able to defend it.

During an attack: When attackers get through, customers need to be able to detect them. Once they detect an attack, they will be able to block it and defend the environment.

After the attack: Invariably, some attacks will be successful, and customers need to be able to determine the scope of the damage, remediate, and bring operations back to normal.
Cisco's Threat-Centric Security Model: An Integrated, Open, Pervasive, and Continuous Approach

By taking a threat-centric and operational approach to security, organizations can reduce complexity and fragmentation while providing superior visibility, continuous control, and advanced threat protection across the extended network and the entire attack continuum (Figure 6).

Figure 6: A Comprehensive Security Model
- Network-Integrated, Broad Sensor Base, Context and Automation
- Continuous Advanced Threat Protection, Cloud-Based Security Intelligence
- Agile and Open Platforms, Built for Scale, Consistent Control, Management
- Network, Endpoint, Mobile, Virtual, Cloud

Visibility driven: Get global intelligence and context for deeper insights and better decisions.

Threat focused: Detect, understand, and stop threats across the entire attack continuum.

Platform based: Reduce fragmentation by using a platform-based approach to protect the network, devices, and the cloud. Only Cisco delivers platform-based solutions that integrate into an overall security system.
Figure 7: Security Products Used Along the Attack Continuum

Context-aware security: Take advantage of physical and virtual hosts, operating systems, applications, services, protocols, users, and analyses of content and network behavior.

Continuous security: Aggregate and correlate data from across the extended network, discriminating between active attacks and reconnaissance versus background noise.

Retrospective security: Detect malware that is sophisticated enough to alter its behavior to avoid detection, and evaluate full packet capture in order to successfully remediate.
The Cisco Security Product Portfolio

Next-Generation Network and Data Center Security

Protect high-value data and data center resources with threat defence, highly secure virtualization, segmentation, and policy control.

Cisco ASA 5500-X with FirePOWER Services (NGFW)
- Offers the industry's first threat-focused NGFW
- Combines ASA firewall with Cisco next-generation IPS (NGIPS) and Advanced Malware Protection (AMP)
- Platform series with wide range of sizes and form factors

Cisco ASA 5585-X with FirePOWER Services (NGFW)
- Offers purpose-built security appliance for data centers
- Delivers highest performance, resiliency, and scalability through leading-edge clustering
- Combines ASA firewall with Cisco NGIPS and AMP

Cisco FirePOWER Next-Generation IPS (NGIPS)
- Offers the most advanced threat protection in the industry
- Delivers industry-leading throughput, threat detection efficacy, and low TCO
- Platform series with wide range of sizes and form factors

Cisco FireSIGHT Management Center
- Centrally manages operational functions for ASA with FirePOWER Services and FirePOWER NGIPS
- Automatically aggregates and correlates information
- Reduces cost by streamlining operations and automating recurring analysis and management tasks
Reduce complexity while gaining superior visibility, consistent control, and advanced threat protection across the entire attack continuum.

Cisco Adaptive Security Virtual Appliance (ASAv)
- Incorporates a fully integrated Cisco Application Centric Infrastructure (ACI)
- Provides consistent transparent security across physical, virtual, ACI, software-defined networking, and cloud environments
- Provides vSwitch support for Cisco, hybrid, and non-Cisco data centers

Cisco Virtual Next-Generation IPS for VMware
- Offers a virtualized Cisco FirePOWER NGIPS solution
- Reclaims the visibility lost when virtualizing
- Extends Payment Card Industry (PCI) compliance to virtual environments

Cisco Virtual Security Gateway
- Integrates with the Cisco Nexus 1000V virtual switch
- Delivers security policy enforcement and visibility at a virtual-machine level
- Logically isolates applications in virtual data centers and multitenant environments
- Enforces separation of duties between security and server administrators

Check out www.cisco.com/go/promotions for the latest security incentives and promotions.
Advanced Malware Protection

Cisco Advanced Malware Protection (AMP) provides continuous analysis and advanced analytics that support Cisco retrospective security capabilities. Unlike the many point-in-time solutions on the market, Cisco AMP offers protection across the full attack continuum (Figure 8).

Figure 8: Point in Time Detection vs. Continuous Detection

AMP Everywhere: We offer the industry's broadest portfolio of integrated Advanced Malware Protection solutions
- Cisco AMP for Networks
- Cisco AMP for Endpoints
- Cisco AMP for Web Security
- Cisco AMP for Cloud Web Security
- Cisco AMP for Email Security
- Cisco AMP integrated in Cisco ASA with FirePOWER Services
- Cisco AMP for AnyConnect
Security as a Service (SaaS) FROM the Cloud

Cisco cloud solutions protect users with policy enforcement, offer flexible deployment and lower TCO, and use the power of big data and machine learning. Services available from the cloud include:
- Enterprise-grade user protection as a service
- Web and email security solutions
- Advanced threat detection and mitigation
- SaaS visibility and control that can uncover any shadow IT

Security FOR the Cloud

Cisco cloud solutions protect workloads, provide pervasive visibility, secure connections, and protect the integrity of information. Our security solutions include:
- Physical and virtual security assets (networks and content)
- Integration with fabrics and orchestration
- Protection for applications beyond the enterprise data center
- Integrated threat defense architecture
Web and Email Security

Cisco's Content Security portfolio protects organizations from evolving email and web threats. Email and Web security are critical components of a holistic security strategy.

Cisco Email Security Appliance (ESA) and Cloud Email Security (CES)
- Fight spam, viruses, and blended threats for organizations of all sizes
- Enforce compliance and protect reputation and brand assets
- Available as cloud-based and hybrid (onsite appliance plus cloud) solutions

Web Security Appliance (WSA) and Cloud Web Security (CWS)
- Provide proactive security, application visibility, and control for users on and off the network
- Protect against advanced threats with Advanced Malware Protection (AMP) and Cognitive Threat Analytics (CTA)
- Flexible deployment, including on-premises and cloud delivered, leverages existing infrastructure and scales to fit
- Customized reporting offers actionable intelligence

Check out www.cisco.com/go/promotions for the latest security incentives and promotions.
Secure Access and Mobility

Enhance network visibility and control with identity-aware highly secure access solutions.

Cisco Identity Services Engine (ISE)
- Provides a policy-management platform that enforces secure access to network resources (wired, wireless, and VPN)
- Accurately identifies every user and device that connects to the network

Cisco Network Admission Control (NAC)
- Enforces network security policies by allowing access only to trusted devices
- Blocks access by noncompliant devices and limits damage from emerging threats and risks

Cisco TrustSec Technology
- Provides secure network access based on rich contextual data (who, what, where, when, how)
- Automates firewall rules and access control list administration, uses plain-language policies
- Embedded in the operating systems of Cisco ISE, Cisco Catalyst and Cisco Nexus switches, Cisco Integrated Services Routers, and Cisco ASA firewalls

Cisco AnyConnect Secure Mobility Solution
- Provides highly secure, simple, and reliable off-premises connectivity
- Helps ensure endpoint integrity with multiple authentication options and comprehensive posture checks
- Delivers automatic secure connectivity with end-to-end encryption, integrated web security, per-app VPN, and advanced malware protection activation
Security Architecture Specializations

Cisco has re-designed the Security Specialization program, aligning it to the new product portfolio.

Market Segment Express Security Specialization
A new entry point into security specializations, allowing a partner to focus on one or several specific products (Email, Web, Next-Generation Firewall, IPS).

Advanced Security Architecture Specialization
This specialization covers the breadth of Cisco's Security Portfolio, and offers more advanced enablement for threat defence, secure access, Cloud and management solutions.

Master Security Architecture Specialization
This specialisation builds upon expertise attained in the Advanced Security Architecture Specialization and enables partners to deliver value-added security solutions to their customers.
Security Promotions & Incentives

Incentive Programmes & Promotions are Cisco's commitment to Partner Profitability. Increase your revenue potential with upfront discount and backend payment programmes, and special promotions that have been designed to help you sell Cisco security products and solutions.

Marketing & Demand Generation

The free, ready-to-use marketing campaigns are designed to showcase your partnership with us, and help you effectively market Cisco security products and solutions to your customers.

Demoing Cisco Security Solutions

Cisco dCloud, the Cisco Demo Cloud, provides powerful self-service capabilities for Cisco Partners. From scripted, repeatable demonstrations to fully customized labs with complete administrative access, Cisco dCloud can

www.cisco.com/go/promotions -> Filter Category Security
http://www.cisco.com/web/partners/sell/partner_marketing.html
dcloud.cisco.com

For More Information
- Cisco Security: cisco.com/go/security
- Security Community: communities.cisco.com/community/technology/security
- Cisco Security Blog: blogs.cisco.com/security
- Partner Support: www.cisco.com/web/partners/support
- Training & Certification: www.cisco.com/web/learning
- Certification Tracking: cisco.pearsoncred.com
- Competitive Information: www.cisco.com/web/partners/sell/competitive
- Cisco Security Intelligence Operations: tools.cisco.com/security/center/home.x
- Cisco Partner Marketing Central: http://www.ciscopartnermarketing.com/

© 2015 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) C45-123456-00 01/15