Solution Overview
Cisco Secure Ops delivers a standardized, comprehensive, and integrated approach to security. It is supported by automation suppliers such as Yokogawa and Rockwell and by technology providers such as McAfee and Symantec, and it provides a framework in which a wide range of partners can participate.
Operators of industrial control networks have historically relied on a combination of “security by obscurity” and physical segregation to protect their networks against cyber attacks. More recently, this viewpoint has begun to evolve for several reasons:
● Interconnecting industrial systems, networks, and data applications to enable better information flow and decision-making opportunities has become highly desirable.
● Proactive monitoring is needed to avoid risks affecting industrial control system (ICS) networks, such as device failures.
● Operating costs for site personnel to implement and maintain security controls are high, affecting overall productivity.
© 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 10
ICS security architects face a difficult task. First, security controls and solutions tend to be built up over time, and industry vendors tend to approach the problem with point products, expecting security architects to create a smooth-running, integrated solution. But the reality is that this approach is difficult, time consuming, and prohibitively costly to implement and maintain. Second, most security teams don’t fully know what their respective ICS environments look like from an asset inventory point of view. Without this knowledge, it is impossible to truly harden and secure the environment. Finally, as threats continue to increase, the operating costs of meeting security and compliance needs can be high.
Clearly, a more robust, flexible, and secure solution is required. The solution must connect networks and enable monitoring and data flow over a secure network. It must be flexible and capable of being deployed in existing environments. Most important, it must deliver defense-in-depth features to organize, harden, defend, and respond to threats.
The Cisco Secure Ops solution is designed to provide an integrated and standardized solution for securing industrial automation environments, protect against risks, improve efficiency, and reduce site downtime. Customers can choose to implement security controls using a building block approach that allows them to address various attack vectors as their business demands (Figure 1).
Figure 1. Building Block Approach to Security
● Lower risk to ICS domain environment
● Reduced cost of delivering ICS security
● New services that improve productivity and reduce cost of production
● Improved ROI: an independent customer study found approximately US$700,000 in savings per site over a 5-year period
Cisco Secure Ops delivers a wide range of benefits across the organization:
● Business leaders gain situational awareness for better security maturity and compliance within various parts of the business.
● Site leadership and management benefit from reduced management complexity and increased consistency across individual sites, leading to optimized operating costs.
● Site technical leaders are provided with a technical solution to help manage security and compliance on a per-site basis as well as valuable tools to increase security through standardized interfaces and capabilities.
● Corporate risk and compliance leaders receive near-real-time information about operation risks associated with cybersecurity threats and adherence to compliance policies.
The Cisco Secure Ops solution provides critical infrastructure security as a service, and customers who implement the solution have experienced:
● A consistent, integrated solution for addressing security and other risks in the industrial control domain
● Increased site productivity and significantly lower operating costs
● Improved, and in some cases, automated compliance
Cisco Secure Ops consists of tightly integrated Cisco and third-party products and services (Figure 2) and is unique in several ways:
● It is designed to be dropped into the demilitarized zone (DMZ), between the enterprise and industrial control domains.
● The solution is designed to be easily deployed in either existing or new environments.
● The integration goes beyond the technology and extends into commercial arrangements with automation suppliers for services such as qualified patches and antivirus updates.
Figure 2. Cisco Secure Ops Solution Components
Main features include:
● Single, global information repository
● Situational awareness dashboards and reports (network status, access and inventory management, and security compliance and assurance)
● High-availability infrastructure (for system-to-system and user-to-system connectivity)
● Secure access
● Asset discovery and inventory
● On-premises backup and restore capabilities
● Automated Microsoft Windows and automation-vendor-qualified patches
● Automated signature updates approved by automation suppliers
● Automated daily log collection and management
● Global support 24 hours a day, 365 days a year, using a “follow the sun” support model
● Proactive performance and fault monitoring
● Global security incident response and monitoring services
● Security event correlation and incident notifications
● Network availability and performance monitoring and reporting
Cisco Secure Ops consists of Cisco SecureCenter and SecureSite services. Table 1 lists Cisco SecureCenter services.
Table 1. Cisco SecureCenter Services
Deployment models (table columns): Managed ICS SecureCenter (Cisco Owned, Cisco Managed, and Customer Premises); Virtual ICS SecureCenter (Cisco Owned, Cisco Managed, and Cisco Premises; customer selected and Cisco validated virtual cloud); Hybrid ICS SecureCenter (Cisco Owned, Cisco Managed, and Customer Premises; private cloud and on-premises kit); Optional.
Data Center Planning, Design, and Implementation (PDI): High-Level Design (HLD), Low-Level Design (LLD), etc.; Operational Readiness Testing; Application Monitoring Services
Services Transition and Activation
Technology and Architecture
● High-Level Architecture Build
● Identity Services and Policy Management
Service Operations
● Incident Management
◦ Break and Fix
◦ Third-Party Escalation Management
● Situation Management (Critical Issue with Defined Process)
● Problem Management
● Change Management
◦ Customer Requested Policy Updates (Standard Changes)
◦ Firmware Updates
◦ Maintenance Window Management and Release Planning
◦ Track Change History
● Business Continuity Plan (BCP)
● Disaster Recovery
Service Management
● Service-Level Reporting
● Tracking and Demand Generation
● Business-Level Escalations
● Service Upgrade Management
● Ticketing Integration and E-bonding
● Services Dashboard
● Services Catalog
Solution Management
● Solution Evergreening and Lifecycle Management
● Core Solution Architecture Validation Through Operational Readiness Testing (ORT)
● Customer Environment Validation Through Operational Readiness Testing (ORT)
● Network Optimization Services (Cisco Secure Ops Scope)
● Solution Roadmap Reviews (4 Times a Year)
● Detailed Release Planning
● Supplier Management
● Sandbox Monitoring for Testing
Configuration Management
● Asset Reporting
● Asset Management
Security Bundle
● Password Change Management
● 2-Factor Authentication
● Security Monitoring
● Secure Access
● Asset Discovery, Asset Inventory, and Compliance
● Automation Supplier Approved Antivirus Management
● Automation Supplier Approved OS and Automation Supplier Patch Management
● Access and Inventory Management and Status Dashboard
● Situational Analysis Dashboard (ICS and IT Network Status)
● Compliance Reporting and Dashboard
● Log Collection and Management
● Identity Services and Policy Management
● Vulnerability Scans
● Advanced Malware Detection
● Cyberthreat Defense (Managed Threat Defense)
Backup and Recovery and Redundancy
● Virtual Machine Replication, Backup, and Restore
● Geographic Redundancy
Service Levels
● Service Window: 7x24 for all three deployment models
● Time to Notify (TTN)
● Time to Respond (TTR)
● Change Management Success Rate
● Remote Service Restoration
● Technical Availability
● Standard Request (Percentage Completed Without Errors)
● Aged-Ticket Analysis
● Percentage of Problem Tickets Raised
● Percentage of Problems with Root Cause Found
● Percentage of Problems Without Root Cause Found
● Percentage of Problems Resolved
● Service Reliability (Clean Days)
● Operational Key Performance Indicator (KPI) Report
● Service Request Fulfilled Report
Service-level values stated in the table for the SecureCenter deployment models: 4 elapsed hours, 99.90%, >= 99.75%, and “Depends on service provider service-level agreement (SLA)”.
Table 2 summarizes the services provided for each Cisco SecureSite according to the service tier.
Table 2. Cisco SecureSite: Service Tiers, Service Levels, and Service Windows
Cisco SecureSite service tiers (table columns): Standard, Enhanced, High; Optional.
Cisco SecureSite PDI: HLD, LLD, and Implementation
Services Transition and Activation
Technology and Architecture
● High-Level Architecture Build (Standard: standard high-availability connectivity design; Enhanced: high-availability connectivity design and active-standby; High: high-availability connectivity design and active-active)
● Identity Services and Policy Management
● Physical Security and Safety
● Wi-Fi
● 3G and 4G
Service Request Management
● Site Survey
● Order Equipment (Site Instantiation)
● Stage and Provision Devices
● Build, Configure, and Test
● Hand Over
Service Operations
● Incident Management
◦ Break and Fix
◦ Third-Party Escalation Management
● Situation Management (Critical Issue with Defined Process)
● Problem Management
● Change Management
◦ Customer Requested Policy Updates (Standard Changes)
◦ Firmware Updates
◦ Maintenance Window Management and Release Planning
◦ Track Change History
Service Management
● Service-Level Reporting
● Tracking and Demand Generation
● Business-Level Escalations
● Service Upgrade Management
● Services Catalog
● Ticketing Integration and E-bonding
● Services Dashboard
Solution Management
● Solution Roadmap Reviews (4 Times a Year)
● Core Solution Architecture Validation
● Sandbox Monitoring for Testing
● Solution Evergreening and Lifecycle Management
● Customer Environment Validation
● Network Optimization Services (Cisco Secure Ops Scope)
● Supplier Management
● Detailed Release Planning
Configuration Management
● Asset Management
● Asset Reporting
Security Bundle
● Layer 3 and 4 Firewall Management (Sites)
● Password Change Management
● 2-Factor Authentication
● Security Monitoring
● Secure Access
● Network Segmentation
● Asset Discovery, Asset Inventory, and Compliance
● Automation Supplier Approved Antivirus Management
● Automation Supplier Approved OS and Automation Supplier Patch Management
● Log Collection and Management
● Identity Services and Policy Management
● Managed ICS Application Hosting
● Vulnerability Scans
● Cyberthreat Defense (Managed Threat Defense)
● Advanced Malware Detection
● Intrusion Protection Service (Managed IPS)
● Intrusion Detection System (IDS)
● Whitelisting and Blacklisting
● IPS Supervisory Control and Data Acquisition (SCADA) Signatures
Backup and Recovery and Redundancy
● Virtual Machine Replication and Data Backup (Site Level)
Service Levels
● Service Window: Standard 5x8; Enhanced 7x24; High 7x24
● Time to Notify (TTN)
● Time to Respond (TTR)
● Change Management Success Rate
● Deployment Period (3 Months or Less)
● Remote Service Restoration
● Technical Availability
● Standard Request (Percentage Completed Without Errors)
● Aged-Ticket Analysis
● Percentage of Problem Tickets Raised
● Percentage of Problems with Root Cause Found
● Percentage of Problems Without Root Cause Found
● Percentage of Problems Resolved
● Service Reliability (Clean Days)
● Operational KPI Report
● Service Request Fulfilled Report
Other service-level values stated in the table by tier: Standard: 8 business hours; Enhanced: 8 elapsed hours, 98.50%, >=90%; High: 4 elapsed hours, 99.50%, >=95%.
Training
● ICS IT Team Remote Training (Twice Annually)
Page 9 of 10
Cisco Services helps ensure that your expectations are met, from planning to building to implementing your solution. Consult with Cisco Services to increase your return on investment and achieve your goals in every phase of your project, even after deployment.
For more information about Cisco Secure Ops, please contact your account manager or visit the Cisco Secure Ops Solution website: http://www.cisco.com/go/secureops.
Printed in USA
C22-732983-00 10/14