IT GRC Security Solutions Quick Reference

IT-GRC Security Solutions
“How do I best protect IT Confidentiality, Integrity, and Availability?”
“Security is complex; so we need a holistic approach to prioritize activities and investment”
“We need to meet the many overlapping standards such as SoX, PCI, ISO-27001 to name a few”
“We need to deploy SSL VPN”
Customer Challenges
Businesses today face the challenge of both
protecting themselves from a myriad of security
threats and meeting many overlapping compliance
obligations, all with limited resources
Security threats continue to increase in number and
sophistication
Inability to meet compliance requirements can lead
to lawsuits, fines, and other penalties.
Fragmented teams that operate in individual silos
lead to inefficiency, redundancy, gaps, and high cost
Threats to availability of business processes
Loss of customer trust and loyalty in the business
Solution and Customer Benefits
IT GRC addresses IT Security and Compliance
challenges through ONE comprehensive program.
These programs offer the following benefits:
Reduce cost of compliance
One set of controls and one compliance
program to implement and manage
Maximize reduction in IT security risk with
available resources
Risk-based, business focused decisions and
resource prioritization
IT GRC Delivers Dramatic Business Value
Higher Revenue
Increase in Profits
Decrease in Audit Costs
“How do I make the best use of both security policy and technology to ensure security and compliance?”
“We need to be able to determine the likelihood and impact of business threats and prioritize our response”
“How do I reduce cost and improve the effectiveness of my security and compliance initiatives?”
How do customers operate and implement an IT GRC Program?
Define
Define Common Control Framework:
• Identify compliance obligations
• Asset inventory
• Evaluate threats and vulnerabilities
• Understand business requirements
• Risk assessment
Assess
Assess Controls for Presence and Effectiveness:
• Policy controls
• Technical controls
Identify and Prioritize Gaps
Cisco Solution Offers
IT GRC Security Assessment Service
Helps customers get started with IT GRC by
comprehensively addressing the Define and Assess
phases
Provides customers with a unique common control
framework that meets their needs
Assesses security policy and architecture against
control requirements
Identifies gaps and provides a prioritized roadmap
of recommendations for remediating gaps
Drives follow-on product and service opportunities
Remediate and Maintain offers
Cisco and partners offer a range of security products,
deployment services, and ongoing subscriptions to
remediate gaps and maintain security and compliance
Remediate
Remediate Control Gaps:
• Define and publish policies
• Deploy security technology solutions
• Train employees
Maintain
Maintain Controls and Framework:
• Operate and monitor technical controls
• Maintain subscriptions
• Periodic assessments
• Evolve solutions as needed
Top Questions To Ask To Initiate The Sale
1. Are you concerned with compliance with
regulations (e.g. SOX, FISMA, HIPAA) and
industry mandates (e.g. PCI)?
2. Do you have good visibility into the effectiveness
of your security and compliance programs?
3. Do you have concerns about overlaps, gaps, and
inefficiencies between the efforts of multiple
compliance initiatives?
4. Are you confident that investments in security
technology, policy, and process initiatives are
driven and prioritized by a good understanding of
business risk?
5. Are you confident that you are maximizing the
return on investments in security technology,
policy, and process initiatives?
“We need to
upgrade our
firewall”
What does an IT GRC Program look like?
[Diagram labels: External Authority Documents; Regulations; Industry Standards; International Standards and Control Models; Contractual Requirements; Company Vision and Strategy; Business Drivers; Security Threats; Vulnerabilities; Asset Inventory; Risk Assessment; Common Control Framework; Implement; Operate; Monitor; Update; Compliance; Business Value]
Additional Resources
IT GRC Web Site
http://www.cisco.com/en/US/products/ps10372/serv_home.html
Your Competition
There are two main forms of competition:
Business as usual: Customers continue to try to
address security and compliance in-house with
marginal success
Large security consulting firms: Some of the
largest consulting firms have opened new IT GRC
consulting practices in the last two years. The
offers are still immature and few are
comprehensive. Cisco’s differentiator is that we not
only have a comprehensive set of consulting
services, but we have the deep technical credibility
when it comes to assessing, remediating, and
maintaining security infrastructure.
Global Correlation (GC) for IPS
“We need to be able to update our threat management to deal with emerging threats”
“We need to be able to target and characterize the attacker not just respond to the attack”
What It Is
IPS with Global Correlation is a security
capability deployed with Cisco IPS Sensor
Software Release 7.0. Global Correlation
harnesses the power of Cisco Security
Intelligence Operations, the world’s largest
threat monitoring network, to achieve
unprecedented threat management efficacy.
Global threat information is turned into
actionable intelligence, such as reputation
scores, and pushed out to all enabled
technologies.
“I need to stop all attacks against my assets”
“We are looking for the most effective method of identifying and preventing attacks and attackers”
Top Questions To Ask To Initiate The Sale
1. “How are you currently identifying and preventing attacks and attackers?”
2. “How confident are you in knowing that your IPS is blocking and permitting traffic based on real attacks?”
3. “Does your current signature based IPS solution only detect attacks that are already under way, and only have local threat awareness?”
4. “Are you aware that 50% of attacks are from repeat offenders? (every attack a bad guy attempts counts against him in GC IPS’ risk rating system)”
Customer Benefits
• Reduces network down time and prevents DoS attacks. GC IPS is able to identify and prevent attacks and attackers, and provide (and receive) global awareness.
• Reduces operational costs associated with having to manage, update, and propagate updated signatures.
• Increases worker (IT-Security) efficiency by focusing on key business functions and actionable events.
Value Proposition Key Points
• Global Correlation makes Cisco IPS 7.0 twice as effective as signature-only IPS technologies.
• Global Correlation decreases false positives with reputation analysis.
• Global Correlation leverages the global threat visibility of Cisco SIO.
• Global Correlation provides Cisco IPS with updates on new threats 100 times faster than signature updates.
Where It Fits
[Diagram labels: SensorBase, Cisco Threat Operations Center, Global Threat Telemetry]
“We need an IPS system that identifies and prevents attacks and attackers, and provides global threat awareness”
“We need to be able to protect our networks against”
[Diagram: Dynamic Updates and Actionable Intelligence. Labels: Intrusion Prevention Solution, Email Security Appliances, Web Security Appliances, System Administrators]
PROTECT
IPS 7.0 protects your network with updates every five
minutes providing your reputation filter with information
based on global data analysis.
CORRELATE
SensorBase updates the IPS with data correlated from
over 500 3rd party feeds and over 700,000 sensors
across multiple technology types.
RESPOND
The GC IPS can respond to threats before they occur,
using reputation filters to remove the worst offenders.
Top Customer Objections
“We need to upgrade our firewall”
Objection: I’m concerned Global Correlation will block my incoming traffic.
Answer: Global Correlation can be implemented in Audit mode, allowing you to view what traffic Global Correlation would have stopped. Once you are comfortable with what the Reputation Filter and Global Inspection would have caught, you can begin to use Global Correlation.
Objection: Will my network remain
safe if I share it with Cisco?
Answer: Yes, all data sent to SensorBase is anonymous, and there are actually three methods of participation in Global Correlation that can be applied to your IPS. The first is non-participation: your IPS will receive updates from SensorBase but will not send any information back. Partial participation allows you to send information regarding the attack and attacker. Full participation takes this a step further: you would anonymously supply the victim port and IP.
Objection: How do I know this
won’t compromise my current IPS
security?
Answer: Again, there are multiple ways of integrating Global Correlation into your Risk Rating. The first is passive: your IPS will receive updates from SensorBase but doesn’t act on them. It will only log the threats it would have stopped. As you become more comfortable with it, you can begin to add Reputation Filtering and Global Inspection to your Risk Rating mixture.
• Broad Network Coverage
  • Edge : Distribution : Core : Internal
  • Teleworker : Branch : Campus : Data Center
• Diverse Platform Options
  • Enabling broad deployment flexibility, easily integrated into network management and deployment models
• Unified Management and Operations
  • Single update package
  • Consistent management
• Enterprise-class solutions
  • Sub-200 micro-second latency for ensuring quality of low-latency applications
  • Highly reliable via hardware and software failover
[Diagram labels: Appliances, Router Module, Switch Module, Cisco Clean Access (CCA)]
http://www.cisco.com/en/US/products/sw/secursw/ps2113/index.html
ASA BATTLE CARD
“We need to be able
to protect against
threats, known and
unknown (i.e. like
filtering botnet
traffic)”
“We need to be
able to protect our
unified
communication
services.”
“We need to deploy SSL VPN”
What It Is
ASA is a multi-purpose appliance that allows customers to deploy security services as needed to meet business requirements. Services delivered through the ASA platform include:
• Firewall
• IPS
• Content Security
• SSL/IPsec VPN
• Unified Communications Security
Value Proposition Key Points
Lower TCO and seamlessly integrate all types of VPN devices with a “Comprehensive Connectivity” solution. The Cisco Secure remote access solution is recognized as the world’s widest-deployed solution, offering the richest range of connectivity in a single, versatile appliance.
• Affordable, flexible solution for short-term bursts of VPN users
• Firewall and enforce policies for internal and external NAT’ed multicast traffic
“Deployment Flexibility” reduces OPEX and troubleshooting man-hours. The Secure Remote Access solution allows all elements of the company’s InfoSec policy to be deployed and managed in a centralized place.
Adhere to PCI “compliancy” at branch location
Prevent network outages with “Improve Threat Mitigation”. Leverage Cisco’s Security Intelligence Operations ability to centralize information and threat signatures issued from all security technologies of the Cisco portfolio.
• ASA 5505 with IPS Security Service Card (SSC) Module for SMB market to meet PCI compliancy.
Broadest range of security options for secure remote access
Where It Fits
[Diagram labels: Mgmt NOC, Extranet Partner, WAN core, Campus, Internet Edge, Data Center, ECommerce, Branch]
“Support for multiple vendor solution creates problems and is expensive”
“The useful life of our investment in security technologies continues to shrink”
“My administrators are having a hard time managing all our security devices”
Customer Benefits
Provides Botnet Traffic Filter, with the integration of the Cisco Security Intelligence Operations, to protect the internal network from malware threats and prevent other malicious activity due to infected client machines.
Cisco 5580 can scale to support 10k Unified Communications Proxy (phone, mobility, presence federation, and TLS support) sessions
Top Questions To Ask To Initiate The Sale
1. Do you have the means to react and update your email filters, web filters and reputation, IPS/filtering as well as share statistics globally amongst other Cisco devices?
2. Are you able to scale and protect your network against threats to your unified communications applications?
3. Are you able to detect, isolate, and manage Botnet attacks?
4. Are you able to automatically update your anti-malware database?
5. Are you able to detect end-users accessing rogue IP addresses or domains that could affect your internal network?
6. Are you interested in consolidating security services into a single platform?
7. Are you currently looking to deploy SSL VPN, IPsec VPN or both in your organization?
8. Do you need to reduce your total cost of ownership at your branch locations while still providing secure access, firewall, and content filtering (and adhere to PCI)?
9. Does your solution securely and cost-effectively allow for bursts of traffic during pandemic situations?
10. Do you have applications which need to be remotely accessed by mobile users?
11. Are you looking for ways to reduce cost and complexity with your network security?
12. Have you experienced business disruption due to a worm or virus?
13. Are you looking to upgrade your existing security system or add additional security services to your network such as firewall and/or intrusion prevention?
PROTECT
The ASA 5500 helps protect corporate assets by preventing
malicious software downloads and unauthorized access.
DETECT
The ASA helps detect vulnerabilities by scanning email &
messaging for viruses.
Top Customer Objections
“We need to upgrade our firewall”
Objection: We currently have an ASA deployed but would like to test the Botnet Traffic Filter.
Answer: Customers with existing ASAs can order the licenses. All Cisco ASAs will ship with 1-year free trial.
NEW!! Includes Botnet Traffic Filter – Free 30-Day Introductory License
Objection: We already have a firewall.
Answer: The ASA is a security platform and can be used as a firewall as well as an IPS, VPN Concentrator or network Anti-X solution.
Objection: I don’t want to pay for all of those capabilities if I’m not using them.
Answer: ASA is modular – all those capabilities are there in a single device, but you only pay for those functions you need.
Objection: I don’t feel comfortable allowing one company to provide this much of my security solution.
Answer: Cisco has dedicated teams of experts developing each security solution (IPS, Firewall, VPN, etc).
Objection: During pandemic situations we need to be able to support large burst of traffic with our existing ASAs.
Answer: The Cisco VPN Flex licenses are designed to allow for an increase (traffic burst) in the total number of SSL VPN concurrent users on an ASA for a short period of time.
What Is The Closest Link?
[Diagram labels: Firewall Technology (Cisco PIX), IPS Technology (Cisco IPS), VPN Technology (Cisco VPN 3000), ASA Security Service Modules]
Total Cost of Ownership
Disparate Devices                 List (CapEx)
SMB Head-end Firewall             $4,500.00
SMB Head-end IPS Appliance        $8,000.00
Head-end VPN Concentrator         $10,000.00
SUB-TOTALS                        $22,500.00
DISCOUNT                          30%
TOTALS                            $15,750.00
Cisco ASA
Adaptive Security Appliance       List (CapEx)
ASA 5520 w/FW, IPS & VPN          $12,495.00
DISCOUNT                          30%
TOTALS                            $8,746.50
One device to manage with one console, one Technical Assistance Center (TAC) to work with. Significantly reduce OpEx.
Your Competition
Checkpoint:
Attack: Integrated Management. Cisco management solutions are complex and not integrated into a single solution
Your Response: Cisco offers centralized security management across routers, appliances and endpoints. For logging and data analysis, we offer our MARS product. The last 3 products that CheckPoint introduced: InterSpect, Connectra, Integrity have only limited support within SmartCenter such as logging and updates.
Attack: Cisco is a router company, not a security company. CP only thinks about security and nothing else.
Your Response: Being a router/switch plus security vendor is advantageous. You can offer end to end security solution for the whole enterprise. NAC on switches/routers, CSA on desktop, built-in FW/IDS with IOS, dynamic ARP inspection and IP source guard for voice security, end to end voice encryption.
Juniper:
Sales Tactics: Positions SSL VPN to the Sec Ops Decision Makers to gain strategic entry points, especially in Financial industry.
Attacks: IOS is unstable, Cisco’s service module strategy adds complexity & cost
Response: Lead with our Security position in the market (#1), educate customer on IOS strength in the SDN story, highlight TCO and investment protection for customer related to the service module approach.
Success Story Proof Points
“The Cisco ASA 5500 Series IPS Edition allows us to not only fulfill a regulatory requirement, but also, more importantly, to do the right thing and make sure we are being as proactive as possible with our network security.”
-- Benjamin Craig, Vice President of Information Systems for River City Bank
Service Modules plug in to allow customers to turn on security services as needed.
Additional Resources
ASA Web Site: http://www.cisco.com/go/asa