IT-GRC Security Solutions

1
IT-GRC Security Solutions
Security is complex so we need a holistic
approach to prioritize activities and investment
How do I best protect IT Confidentiality,
Integrity, and Availability?
We need to meet the many overlapping standards
such as SoX, PCI, ISO-27001 to name a few
How do I make the best use of both security
policy and technology to insure security and
compliance
We need to be able to determine the likelihood
and impact of business threats and prioritize our
response
How do I reduce cost and improve the
effectiveness of my security and compliance
initiatives?
We need to deploy SSL VPN
Customer Challenges
How do customer operate and implement a IT GRC
Program

• Businesses today face the challenge of both
  protecting themselves from a myriad of security
  threats and meeting many overlapping compliance
  obligations, all with limited resources
• Security threats continue to increase in number
  and sophistication
• Inability to meet compliance requirements can
  lead to lawsuits, fines, and other penalties.
• Fragmented teams that operated in individual
  silos lead to inefficiency, redundancy, gaps, and
  high cost
• Threats to availability of business processes
• Loss of customer trust and loyalty in the business

Solution and Customer Benefits
Top Questions To Ask To Initiate The Sale
Cisco Solution Offers

• IT GRC addresses IT Security and Compliance
  challenges through ONE comprehensive program.
  These programs offer the following benefits
• Reduce cost of compliance
• One set of controls and one compliance program to
  implement and manage
• Maximize reduction in IT security risk with
  available resources
• Risk-based, business focused decisions and
  resource prioritization
• IT GRC Delivers Dramatic Business Value
• Higher Revenue
• Increase in Profits
• Decrease in Audit Costs

• IT GRC Security Assessment Service
• Helps customers get started with IT GRC by
  comprehensively addressing the Define and Assess
  phases
• Provides customers with a unique common control
  framework that meets their needs
• Assesses security policy and architecture against
  control requirements
• Identifies gaps and provides a prioritized
  roadmap of recommendations for remediating gaps
• Drives follow-on product and service
  opportunities
• Remediate and Maintain offers
• Cisco and partners offer a range of security
  products, deployment services, and ongoing
  subscriptions to remediate gaps and maintain
  security and compliance

1. Are you concerned with compliance with
   regulations (e.g. SOX, FISMA, HIPAA) and industry
   mandates (e.g. PCI)?
2. Do you have good visibility into the
   effectiveness of your security and compliance
   programs?
3. Do you have concerns about overlaps, gaps, and
   inefficiencies between the efforts of multiple
   compliance initiatives?
4. Are you confident that investments in security
   technology, policy, and process initiatives are
   driven and prioritized by a good understanding of
   business risk
5. Are you confident that you are maximizing the
   return on investments in security technology,
   policy, and process initiatives

2
ASA BATTLE CARD
IT-GRC Security Solutions
What does an IT GRC Program look like ?
Your Competition
There are two main forms of competition Business
as usual Customers continue to try to address
security and compliance in-house with marginal
success Large security consulting firms Some of
the largest consulting firms have opened new IT
GRC consulting practices in the last two years.
The offers are still immature and few are
comprehensive. Ciscos differentiator is that we
not only have a comprehensive set of consulting
services, but we have the deep technical
credibility when it comes to assessing,
remediating, and maintaining security
infrastructure.
Additional Resources
IT GRC Web Site http//www.cisco.com/en/US/produ
cts/ps10372/serv_home.html
3
Global Correlation (GC) for IPS
We need an IPS system that identifies and
prevents attacks and attackers, and provides
global threat awareness
We need to be able to update our threat
management to deal with emerging threats
We need to be able to target and characterize
the attacker not just respond to the attack
We are looking for the most effective method of
identifying and preventing attacks and attackers
I need to stop all attacks against my assets
We need to be able to protect our networks
against
We need to deploy SSL VPN
What It Is
Customer Benefits
Top Questions To Ask To Initiate The Sale

• Reduces network down time and prevents DoS
  attacks. GC IPS is able to identify and prevent
  attacks and attackers, and provide (and receive)
  global awareness.
• Reduces operational costs associated with having
  to manage, update, and propagate updated
  signatures
• Increase worker (IT-Security) efficiency by
  focusing key business functions and actionable
  events.

IPS with Global Correlation is a security
capability deployed with Cisco IPS Sensor
Software Release 7.0. Global Correlation
harnesses the power of Cisco Security
Intelligence Operations, the worlds largest
threat monitoring network, to achieve
unprecedented threat management efficacy. Global
threat information is turned into actionable
intelligence, such as reputation scores, and
pushed out to all enabled technologies.

1. How are you currently identifying and preventing
   attacks and attackers ?
2. How confident are you in knowing that your IPS
   is blocking and permitting traffic based on real
   attacks?
3. Does your current signature based IPS solution
   only detect attacks that are already under way,
   and only have local threat awareness?
4. Are you aware that 50 of attacks are from
   repeat offenders? (every attack a bad guy
   attempts counts against him in GC IPS risk
   rating system)

Value Proposition Key Points
Where It Fits

• Global Correlation makes Cisco IPS 7.0 twice as
  effective as signature-only IPS technologies.
• Global Correlation provides Cisco IPS with
  updates on new threats 100 times faster than
  signature updates.
• Global Correlation decreases false positives with
  reputation analysis
• Global Correlation leverages the global threat
  visibility of Cisco SIO

PROTECT IPS 7.0 protects your network with
updates every five minutes providing your
reputation filter with information based on
global data analysis. CORRELATE SensorBase
updates the IPS with data correlated from over
500 3rd party feeds and over 700,000 sensors
across multiple technology types. RESPOND The GC
IPS can respond to threats before they occur
using a reputation filters to remove the worst
offenders.
4
Global Correlation (GC) for IPS
Top Customer Objections

• Broad Network Coverage
• Edge Distribution Core Internal
• Teleworker Branch Campus Data Center
• Diverse Platform Options
• Enabling broad deployment flexibility, easily
  integrated into network management and deployment
  models
• Unified Management and Operations
• Single update package
• Consistent management
• Enterprise-class solutions
• Sub-200 micro-second latency for ensuring quality
  of low-latency applications
• Highly reliable via hardware and software failover

Objection Im concerned Global Correlation will
block my incoming traffic. Answer Global
correlation can be implemented in Audit mode
allowing you to view what traffic global
Correlation would have stopped. Once you are
comfortable with what the Reputation Filter and
Global Inspection would have caught you can begin
to use Global Correlation. Objection Will my
network remain safe if I share it with
Cisco?Answer Yes, all data sent to SenserBase
is anynomous and there are actually three methods
of participation in Global Correlation that can
be applied to your IPS. The first is
non-participation Your IPS will be receiving
updates from SensorBase but will not send any
information back. Partial Participation allows
you to send information regarding the attack and
attacker. Full participation takes this a step
further where you would anonymously supply the
victim port and IP.
We need to upgrade our firewall
Objection How do I know this wont compromise my
current IPS security? Answer Again, there are
multiple ways of integrating Global Correlation
into your Risk Rating. The first is passive, your
IPS will be receiving updates from SensorBase but
doesnt act on them. It will only log the threats
it would have stopped. As you become more
comfortable with it you can begin to add
Reputation Filtering and Global Inspection to
your Risk Rating mixture
Cisco Clean Access (CCA)
Router Module
Appliances
Switch Module
http//www.cisco.com/en/US/products/sw/secursw/ps2
113/index.html
5
ASA BATTLE CARD
Support for multiple vendor solution creates
problems and is expensive
My administrators are having a hard time
managing all our security devices
The useful life of our investment in security
technologies continues to shrink
We need to be able to protect our unified
communication services.
We need to be able to protect against threats,
known and unknown (i.e. like filtering botnet
traffic)
We need to deploy SSL VPN
We need to deploy SSL VPN
What It Is
Customer Benefits
Top Questions To Ask To Initiate The Sale

• Prevent network outages with Improve Threat
  Mitigation. Leverage Ciscos Security
  Intelligence Operations ability to centralizing
  information and threat signatures issued from all
  security technologies of the Cisco portfolio
• Lower TCO and seamless integrate all types of VPN
  devices with a Comprehensive Connectivity
  solution. Cisco Secure remote access solution is
  recognized as the worlds widest-deployed
  solution, offering the richest range of
  connectivity in a single, versatile appliance
• Deployment Flexibility reduce OPEX and
  troubleshooting man-hours. Secure Remote Access
  solution allows for all elements of the companys
  InfoSec policy to be deployed and manage in a
  centralized place.
• Adhere to PCI compliancy at branch location

1. Do you have the means to react and update your
   email filters, web filters and reputation, IPS/
   filtering as well as share statistics globally
   amongst other Cisco devices.
2. Are you able to scale and protect your network
   against threats to your unified communications
   applications.
3. Are you able to detect, isolate, and manage
   Botnet attacks?
4. Are you able to automatically update your
   anti-malware database?
5. Are you able to detect end-users accessing rogue
   IP addresses or domains that could effect your
   internal network?
6. Are you interesting in consolidating security
   services into a single platform?
7. Are you currently looking to deploy SSLVPN,
   IPsecEC VPN or both in your organization?
8. Do you need to reduce your total cost of
   ownership at your branch locations while still
   providing secure access, firewall, and content
   filtering (and adhere to PCI)?
9. Does your solution securely and cost effectively1
   allow for burst of traffic during pandemic
   situations?
10. Do you have applications which need to be
    remotely accessed by mobile users?
11. Are you looking for ways to reduce cost and
    complexity with your network security?
12. Have you experienced business disruption due to a
    worm or virus?
13. Are you looking to upgrade your existing security
    system or add additional security services to
    your network such as firewall and/or intrusion
    prevention?

• ASA is a multi-purpose appliance that allows
  customers to deploy security services as needed
  to meeting business requirements. Services
  delivered through the ASA platform include
• Firewall
• IPS
• Content Security
• SSL/ IPsecec VPN
• Unified Communications Security

Value Proposition Key Points
Where It Fits

• Provides Botnet Traffic Filter, with the
  integration of the Cisco Security Intelligence
  Operations to protect the internal network from
  Malware threats and prevents other malicious
  activity due to infect client machines.
• ASA 5505 with IPS Security Service Card (SSC)
  Module for SMB market to meet PCI compliancy.
• Cisco 5580 can scale to support 10k Unified
  Communications Proxy (phone, mobility, presence
  federation, and TLS support) sessions
• Broadest range of security options for secure
  remote access
• Affordable, flexible solution for short-term
  bursts of VPN users
• Firewall and enforce policies for internal and
  external NATed multicast traffic

PROTECT The ASA 5500 helps protect corporate
assets by preventing malicious software downloads
and unauthorized access. DETECT The ASA helps
detect vulnerabilities by scanning email
messaging for virus.
6
ASA BATTLE CARD
ASA BATTLE CARD
Top Customer Objections
Total Cost of Ownership
Your Competition
Objection We currently have an ASA deployed but
would like to test the Botnet Traffic
Filter. Answer Customers with existing ASAs can
order the licenses. All Cisco ASAs will ship with
1-year free trial. Objection We already have a
firewall. Answer The ASA is a security platform
and can be used as a firewall as well as an IPS,
VPN Concentrator or network Anti-X
solution. Objection I dont want to pay for all
of those capabilities if Im not using
them. Answer ASA is modular all those
capabilities are there in a single device, but
you only pay for those functions you
need. Objection I dont feel comfortable
allowing one company to provide this much of my
security solution. Answer Cisco has dedicated
teams of experts developing each security
solution (IPS, Firewall, VPN, etc). Objection
During pandemic situations we need to be able to
support large burst of traffic with our existing
ASAs. Answer The Cisco VPN Flex licenses are
designed to allow for an increase (traffic burst)
in the total number of SSL VPN concurrent users
on an ASA for a short period of time.
Checkpoint Attack
Your Response
We need to upgrade our firewall
Firewall Technology
IPS Technology
VPN Technology
Cisco PIX
Cisco IPS
Cisco VPN 3000
Integrated Management. Cisco management solutions are complex and not integrated into a single solution Cisco offers centralized security management across routers, appliances and endpoints. For logging and data analysis, we offer our MARS product. The last 3 products that CheckPoint introduced InterSpect, Connectra, Integrity have only limited support within SmartCenter such as logging and updates.
Cisco is a router company, not a security company. CP only thinks about security and nothing else. Being a router/switch plus security vendor is advantageous. You can offer end to end security solution for the whole enterprise. NAC on switches/routers, CSA on desktop, built-in FW/IDS with IOS, dynamic ARP inspection and IP source guard for voice security, end to end voice encryption.
NEW!! Includes Botnet Traffic Filter Free
30-Day Introductory License
Success Story Proof Points
Juniper Sales Tactics Positions SSL VPN to
the Sec Ops Decision Makers to gain strategic
entry points, especially in Financial
industry. Attacks IOS is unstable, Ciscos
service module strategy adds complexity
cost Response Lead with our Security position
in the market (1), educate customer on IOS
strength in the SDN story, highlight TCO and
investment protection for customer related to the
service module approach.
The Cisco ASA 5500 Series IPS Edition allows us
to not only fulfill a regulatory requirement, but
also, more importantly, to do the right thing and
make sure we are being as proactive as possible
with our network security. -- Benjamin Craig,
Vice President of Information Systems for River
City Bank
What Is The Closest Link?
ASA Security Service Modules
Additional Resources
Service Modules plug in to allow customer to turn
on security services as needed.
ASA Web Site http//www.cisco.com/go/asa