Title: IT-GRC Security Solutions
1IT-GRC Security Solutions
Security is complex so we need a holistic
approach to prioritize activities and investment
How do I best protect IT Confidentiality,
Integrity, and Availability?
We need to meet the many overlapping standards
such as SoX, PCI, ISO-27001 to name a few
How do I make the best use of both security
policy and technology to insure security and
compliance
We need to be able to determine the likelihood
and impact of business threats and prioritize our
response
How do I reduce cost and improve the
effectiveness of my security and compliance
initiatives?
We need to deploy SSL VPN
Customer Challenges
How do customer operate and implement a IT GRC
Program
- Businesses today face the challenge of both
protecting themselves from a myriad of security
threats and meeting many overlapping compliance
obligations, all with limited resources - Security threats continue to increase in number
and sophistication - Inability to meet compliance requirements can
lead to lawsuits, fines, and other penalties. - Fragmented teams that operated in individual
silos lead to inefficiency, redundancy, gaps, and
high cost - Threats to availability of business processes
- Loss of customer trust and loyalty in the business
Solution and Customer Benefits
Top Questions To Ask To Initiate The Sale
Cisco Solution Offers
- IT GRC addresses IT Security and Compliance
challenges through ONE comprehensive program.
These programs offer the following benefits - Reduce cost of compliance
- One set of controls and one compliance program to
implement and manage - Maximize reduction in IT security risk with
available resources - Risk-based, business focused decisions and
resource prioritization - IT GRC Delivers Dramatic Business Value
- Higher Revenue
- Increase in Profits
- Decrease in Audit Costs
- IT GRC Security Assessment Service
- Helps customers get started with IT GRC by
comprehensively addressing the Define and Assess
phases - Provides customers with a unique common control
framework that meets their needs - Assesses security policy and architecture against
control requirements - Identifies gaps and provides a prioritized
roadmap of recommendations for remediating gaps - Drives follow-on product and service
opportunities - Remediate and Maintain offers
- Cisco and partners offer a range of security
products, deployment services, and ongoing
subscriptions to remediate gaps and maintain
security and compliance
- Are you concerned with compliance with
regulations (e.g. SOX, FISMA, HIPAA) and industry
mandates (e.g. PCI)? - Do you have good visibility into the
effectiveness of your security and compliance
programs? - Do you have concerns about overlaps, gaps, and
inefficiencies between the efforts of multiple
compliance initiatives? - Are you confident that investments in security
technology, policy, and process initiatives are
driven and prioritized by a good understanding of
business risk - Are you confident that you are maximizing the
return on investments in security technology,
policy, and process initiatives
2ASA BATTLE CARD
IT-GRC Security Solutions
What does an IT GRC Program look like ?
Your Competition
There are two main forms of competition Business
as usual Customers continue to try to address
security and compliance in-house with marginal
success Large security consulting firms Some of
the largest consulting firms have opened new IT
GRC consulting practices in the last two years.
The offers are still immature and few are
comprehensive. Ciscos differentiator is that we
not only have a comprehensive set of consulting
services, but we have the deep technical
credibility when it comes to assessing,
remediating, and maintaining security
infrastructure.
Additional Resources
IT GRC Web Site http//www.cisco.com/en/US/produ
cts/ps10372/serv_home.html
3Global Correlation (GC) for IPS
We need an IPS system that identifies and
prevents attacks and attackers, and provides
global threat awareness
We need to be able to update our threat
management to deal with emerging threats
We need to be able to target and characterize
the attacker not just respond to the attack
We are looking for the most effective method of
identifying and preventing attacks and attackers
I need to stop all attacks against my assets
We need to be able to protect our networks
against
We need to deploy SSL VPN
What It Is
Customer Benefits
Top Questions To Ask To Initiate The Sale
- Reduces network down time and prevents DoS
attacks. GC IPS is able to identify and prevent
attacks and attackers, and provide (and receive)
global awareness. - Reduces operational costs associated with having
to manage, update, and propagate updated
signatures - Increase worker (IT-Security) efficiency by
focusing key business functions and actionable
events.
IPS with Global Correlation is a security
capability deployed with Cisco IPS Sensor
Software Release 7.0. Global Correlation
harnesses the power of Cisco Security
Intelligence Operations, the worlds largest
threat monitoring network, to achieve
unprecedented threat management efficacy. Global
threat information is turned into actionable
intelligence, such as reputation scores, and
pushed out to all enabled technologies.
- How are you currently identifying and preventing
attacks and attackers ? - How confident are you in knowing that your IPS
is blocking and permitting traffic based on real
attacks? - Does your current signature based IPS solution
only detect attacks that are already under way,
and only have local threat awareness? - Are you aware that 50 of attacks are from
repeat offenders? (every attack a bad guy
attempts counts against him in GC IPS risk
rating system)
Value Proposition Key Points
Where It Fits
- Global Correlation makes Cisco IPS 7.0 twice as
effective as signature-only IPS technologies. - Global Correlation provides Cisco IPS with
updates on new threats 100 times faster than
signature updates. - Global Correlation decreases false positives with
reputation analysis - Global Correlation leverages the global threat
visibility of Cisco SIO
PROTECT IPS 7.0 protects your network with
updates every five minutes providing your
reputation filter with information based on
global data analysis. CORRELATE SensorBase
updates the IPS with data correlated from over
500 3rd party feeds and over 700,000 sensors
across multiple technology types. RESPOND The GC
IPS can respond to threats before they occur
using a reputation filters to remove the worst
offenders.
4Global Correlation (GC) for IPS
Top Customer Objections
- Broad Network Coverage
- Edge Distribution Core Internal
- Teleworker Branch Campus Data Center
- Diverse Platform Options
- Enabling broad deployment flexibility, easily
integrated into network management and deployment
models - Unified Management and Operations
- Single update package
- Consistent management
- Enterprise-class solutions
- Sub-200 micro-second latency for ensuring quality
of low-latency applications - Highly reliable via hardware and software failover
Objection Im concerned Global Correlation will
block my incoming traffic. Answer Global
correlation can be implemented in Audit mode
allowing you to view what traffic global
Correlation would have stopped. Once you are
comfortable with what the Reputation Filter and
Global Inspection would have caught you can begin
to use Global Correlation. Objection Will my
network remain safe if I share it with
Cisco?Answer Yes, all data sent to SenserBase
is anynomous and there are actually three methods
of participation in Global Correlation that can
be applied to your IPS. The first is
non-participation Your IPS will be receiving
updates from SensorBase but will not send any
information back. Partial Participation allows
you to send information regarding the attack and
attacker. Full participation takes this a step
further where you would anonymously supply the
victim port and IP.
We need to upgrade our firewall
Objection How do I know this wont compromise my
current IPS security? Answer Again, there are
multiple ways of integrating Global Correlation
into your Risk Rating. The first is passive, your
IPS will be receiving updates from SensorBase but
doesnt act on them. It will only log the threats
it would have stopped. As you become more
comfortable with it you can begin to add
Reputation Filtering and Global Inspection to
your Risk Rating mixture
Cisco Clean Access (CCA)
Router Module
Appliances
Switch Module
http//www.cisco.com/en/US/products/sw/secursw/ps2
113/index.html
5ASA BATTLE CARD
Support for multiple vendor solution creates
problems and is expensive
My administrators are having a hard time
managing all our security devices
The useful life of our investment in security
technologies continues to shrink
We need to be able to protect our unified
communication services.
We need to be able to protect against threats,
known and unknown (i.e. like filtering botnet
traffic)
We need to deploy SSL VPN
We need to deploy SSL VPN
What It Is
Customer Benefits
Top Questions To Ask To Initiate The Sale
- Prevent network outages with Improve Threat
Mitigation. Leverage Ciscos Security
Intelligence Operations ability to centralizing
information and threat signatures issued from all
security technologies of the Cisco portfolio - Lower TCO and seamless integrate all types of VPN
devices with a Comprehensive Connectivity
solution. Cisco Secure remote access solution is
recognized as the worlds widest-deployed
solution, offering the richest range of
connectivity in a single, versatile appliance -
- Deployment Flexibility reduce OPEX and
troubleshooting man-hours. Secure Remote Access
solution allows for all elements of the companys
InfoSec policy to be deployed and manage in a
centralized place. - Adhere to PCI compliancy at branch location
- Do you have the means to react and update your
email filters, web filters and reputation, IPS/
filtering as well as share statistics globally
amongst other Cisco devices. - Are you able to scale and protect your network
against threats to your unified communications
applications. - Are you able to detect, isolate, and manage
Botnet attacks? - Are you able to automatically update your
anti-malware database? - Are you able to detect end-users accessing rogue
IP addresses or domains that could effect your
internal network? - Are you interesting in consolidating security
services into a single platform? - Are you currently looking to deploy SSLVPN,
IPsecEC VPN or both in your organization? - Do you need to reduce your total cost of
ownership at your branch locations while still
providing secure access, firewall, and content
filtering (and adhere to PCI)? - Does your solution securely and cost effectively1
allow for burst of traffic during pandemic
situations? - Do you have applications which need to be
remotely accessed by mobile users? - Are you looking for ways to reduce cost and
complexity with your network security? - Have you experienced business disruption due to a
worm or virus? - Are you looking to upgrade your existing security
system or add additional security services to
your network such as firewall and/or intrusion
prevention?
- ASA is a multi-purpose appliance that allows
customers to deploy security services as needed
to meeting business requirements. Services
delivered through the ASA platform include - Firewall
- IPS
- Content Security
- SSL/ IPsecec VPN
- Unified Communications Security
Value Proposition Key Points
Where It Fits
- Provides Botnet Traffic Filter, with the
integration of the Cisco Security Intelligence
Operations to protect the internal network from
Malware threats and prevents other malicious
activity due to infect client machines. - ASA 5505 with IPS Security Service Card (SSC)
Module for SMB market to meet PCI compliancy. - Cisco 5580 can scale to support 10k Unified
Communications Proxy (phone, mobility, presence
federation, and TLS support) sessions - Broadest range of security options for secure
remote access - Affordable, flexible solution for short-term
bursts of VPN users - Firewall and enforce policies for internal and
external NATed multicast traffic
PROTECT The ASA 5500 helps protect corporate
assets by preventing malicious software downloads
and unauthorized access. DETECT The ASA helps
detect vulnerabilities by scanning email
messaging for virus.
6ASA BATTLE CARD
ASA BATTLE CARD
Top Customer Objections
Total Cost of Ownership
Your Competition
Objection We currently have an ASA deployed but
would like to test the Botnet Traffic
Filter. Answer Customers with existing ASAs can
order the licenses. All Cisco ASAs will ship with
1-year free trial. Objection We already have a
firewall. Answer The ASA is a security platform
and can be used as a firewall as well as an IPS,
VPN Concentrator or network Anti-X
solution. Objection I dont want to pay for all
of those capabilities if Im not using
them. Answer ASA is modular all those
capabilities are there in a single device, but
you only pay for those functions you
need. Objection I dont feel comfortable
allowing one company to provide this much of my
security solution. Answer Cisco has dedicated
teams of experts developing each security
solution (IPS, Firewall, VPN, etc). Objection
During pandemic situations we need to be able to
support large burst of traffic with our existing
ASAs. Answer The Cisco VPN Flex licenses are
designed to allow for an increase (traffic burst)
in the total number of SSL VPN concurrent users
on an ASA for a short period of time.
Checkpoint Attack
Your Response
We need to upgrade our firewall
Firewall Technology
IPS Technology
VPN Technology
Cisco PIX
Cisco IPS
Cisco VPN 3000
Integrated Management. Cisco management solutions are complex and not integrated into a single solution Cisco offers centralized security management across routers, appliances and endpoints. For logging and data analysis, we offer our MARS product. The last 3 products that CheckPoint introduced InterSpect, Connectra, Integrity have only limited support within SmartCenter such as logging and updates.
Cisco is a router company, not a security company. CP only thinks about security and nothing else. Being a router/switch plus security vendor is advantageous. You can offer end to end security solution for the whole enterprise. NAC on switches/routers, CSA on desktop, built-in FW/IDS with IOS, dynamic ARP inspection and IP source guard for voice security, end to end voice encryption.
NEW!! Includes Botnet Traffic Filter Free
30-Day Introductory License
Success Story Proof Points
Juniper Sales Tactics Positions SSL VPN to
the Sec Ops Decision Makers to gain strategic
entry points, especially in Financial
industry. Attacks IOS is unstable, Ciscos
service module strategy adds complexity
cost Response Lead with our Security position
in the market (1), educate customer on IOS
strength in the SDN story, highlight TCO and
investment protection for customer related to the
service module approach.
The Cisco ASA 5500 Series IPS Edition allows us
to not only fulfill a regulatory requirement, but
also, more importantly, to do the right thing and
make sure we are being as proactive as possible
with our network security. -- Benjamin Craig,
Vice President of Information Systems for River
City Bank
What Is The Closest Link?
ASA Security Service Modules
Additional Resources
Service Modules plug in to allow customer to turn
on security services as needed.
ASA Web Site http//www.cisco.com/go/asa