Cisco SAFE BattleCard

CISCO SAFE: VALIDATED SECURITY REFERENCE ARCHITECTURE
“We need help with moving from the concept of a systems-based security solution to actual design and implementation.”
“We have a lot of separate security products, but no way to coordinate information or threat responses between them.”
“We need better visibility into what is happening on our network.”
What It Is
Cisco SAFE is a reference security architecture that provides prescriptive Cisco Validated Design guides that address the planning, design and deployment of security solutions for the unique requirements of the different places in the network, such as Campus, Internet edge, Branches, and Data Center.
These blueprints also provide best practices guidance for securing critical data and transactions as they traverse the entire networked infrastructure.
SAFE’s unique defense-in-depth approach blends security elements with the network infrastructure so that event and posture information is shared between devices to create greater visibility, and enhances threat control through responses coordinated under a common control strategy.
Business Transformation
• Step-by-step network security design and implementation guidance shortens deployment
• Solutions-based approach focused on risk management rather than product placement
• Designed using the Cisco Security Control Framework to enable support by Cisco Lifecycle Security Services
• Layered security design helps prevent being overwhelmed by a large or unexpected attack
• Threat visibility and coordinated response reduces exposure and IT overhead
• Layered security + network architecture ensures business-critical services availability
• Modular design allows gradual improvement based on priority
• Delivers best practices and functions commonly required by regulations and standards
Top Questions To Ask To Initiate The Sale
1. Do you have a security strategy that supports system-wide intelligence sharing and collaboration, or simply a collection of stand-alone security products?
2. Are your business processes well understood? Is your security strategy aligned with your business processes and strategy?
3. What business applications, services, and infrastructure changes are being deployed or may be deployed in the next several years?
4. Change the discussion from products to risk management: What are the risks associated with your specific business strategy, now and in the future? How do we reduce THOSE specific risks as much as possible?
5. What regulatory compliance mandates are required for your organization and what is the status on meeting them? Do you have a systems strategy to meet your security goals and maximize risk reduction?
Where It Fits
“We need to make sure that our security strategy can meet the demands of the new ways we are doing business.”
[Figure: network diagram. Labels: Management, Branch, WAN Edge, WAN, Extranet, Campus, Partner, Core, Teleworker, Internet Edge, Data Center, Internet, SensorBase, E-Commerce]
KEY SAFE BENEFITS
• Changes conversation from point products to solutions
• Shortens time from planning to deployment
• Tested and validated architecture
• Detailed implementation guidance
• Integrated, collaborative defense-in-depth
• Supports new Cisco technologies
• Addresses real-world issues
• Provides full lifecycle services
Worldwide Sales Enablement - QuickStart - Security
Access the QuickStart for Security on Sales University or PEC for more resources.
Security Control Framework
[Figure: Security Control Framework diagram. Labels: Security Solutions, Security Devices, Network Devices, Services, Policy and Device Management, PCI, DLP, Threat Control, VPNs, Monitoring, Firewall, Email Filtering, Admission Control, Intrusion Prevention, Routers, Servers, Switches; Visibility: Identify, Monitor, Correlate; Control: Harden, Isolate, Enforce; Campus, WAN Edge, Branch, Data Center, Internet Edge, Ecommerce, Cisco Virtual Office, Virtual User, Partner Sites; Secured Mobility, Unified Communications, Network Virtualization; Network Foundation Protection]
The Cisco Security Framework provides a consistent policy deployment and enforcement strategy for the SAFE architecture to enhance visibility and control across each place in the network, and across the entire infrastructure.
Visibility:
• Identify and classify users, traffic, and devices
• Monitor and record events and behaviors
• Collect and correlate data from multiple sources
• Identify and detect anomalous traffic and threats
• Classify traffic to apply security controls
Control:
• Harden network and endpoint devices
• Limit access and usage per user, application and device
• Protect against known and unknown threats
• Isolate users, systems, services, and applications
• Collaborative response to anomalous events
• Enforce access controls and security policies, and mitigate security events
Top Customer Objections
Objection: “I don’t have the budget to completely overhaul my entire security infrastructure.”
Answer: “SAFE is modular in design so you can prioritize improvements and focus on critical places in your network first.”
Objection: “Isn’t there a risk with having all my security from a single vendor?”
Answer: “SAFE’s defense-in-depth design combines layered best-of-breed security with powerful collaboration to provide maximum risk reduction.”
Objection: “I don’t have the expertise to deploy something as comprehensive as SAFE.”
Answer: “Cisco Lifecycle Security Services are available for every phase of SAFE implementation, from assessment and design, to deployment and management.”
Objection: “What do we do with our current deployment of non-Cisco security products?”
Answer: “While SAFE designs can accommodate non-Cisco security products, it is critical that every component is reassessed in terms of its ability to support business objectives, increase threat visibility, exercise cross-network control, and minimize risk. Cisco services can provide a comprehensive assessment to help you prioritize changes.”
The Competition
Network security competitors, such as Juniper: Like point product vendors, devices such as Juniper’s NetScreen are still poorly integrated into the network, so they suffer from poor visibility and control. Furthermore, they often do not provide solutions for many critical business applications and services, such as virtualization or UC.
Legacy security competitors, such as CheckPoint and Symantec: Point products lack the ability to collaborate with other security devices or the network infrastructure. Because they are siloed in a single point in a network they provide limited threat visibility and control.
Cisco SAFE Strategy:
• Focused on solutions and risk management rather than products and features
• Fully tested and validated architecture based on best security practices that cover the entire network.
• Emphasizes collaboration between devices and PINS for increased visibility and control
• Designed to secure and enhance business-critical applications and services
• Maximizes customer value by providing design and deployment guidelines for Cisco platforms and capabilities.
Additional Resources
Internal: http://wwwin.cisco.com/go/cwc
External: http://www.cisco.com/go/safe