CISCO SAFE: VALIDATED SECURITY REFERENCE ARCHITECTURE

“We need help with moving from the concept of a systems-based security solution to actual design and implementation.”

“We have a lot of separate security products, but no way to coordinate information or threat responses between them.”

“We need better visibility into what is happening on our network.”

“We need to make sure that our security strategy can meet the demands of the new ways we are doing business.”

What It Is

Cisco SAFE is a reference security architecture that provides prescriptive Cisco Validated Design guides that address the planning, design and deployment of security solutions for the unique requirements of the different places in the network, such as Campus, Internet edge, Branches, and Data Center. These blueprints also provide best practices guidance for securing critical data and transactions as they traverse the entire networked infrastructure. SAFE’s unique defense-in-depth approach blends security elements with the network infrastructure so that event and posture information is shared between devices to create greater visibility, and enhances threat control through responses coordinated under a common control strategy.

Where It Fits

[Figure: network diagram with labels Management, Branch, WAN Edge, WAN, Extranet, Campus, Partner, Core, Teleworker, Internet Edge, Data Center, Internet, SensorBase, E-Commerce]

Business Transformation

• Step-by-step network security design and implementation guidance shortens deployment
• Solutions-based approach focused on risk management rather than product placement
• Designed using the Cisco Security Control Framework to enable support by Cisco Lifecycle Security Services
• Layered security design helps prevent being overwhelmed by a large or unexpected attack
• Threat visibility and coordinated response reduces exposure and IT overhead
• Layered security + network architecture ensures business-critical services availability
• Modular design allows gradual improvement based on priority
• Delivers best practices and functions commonly required by regulations and standards

Top Questions To Ask To Initiate The Sale

1. Do you have a security strategy that supports systemwide intelligence sharing and collaboration, or simply a collection of stand-alone security products?
2. Are your business processes well understood? Is your security strategy aligned with your business processes and strategy?
3. What business applications, services, and infrastructure changes are being deployed or may be deployed in the next several years?
4. Change the discussion from products to risk management: What are the risks associated with your specific business strategy, now and in the future? How do we reduce THOSE specific risks as much as possible?
5. What regulatory compliance mandates are required for your organization and what is the status on meeting them? Do you have a systems strategy to meet your security goals and maximize risk reduction?

KEY SAFE BENEFITS

• Changes conversation from point products to solutions
• Shortens time from planning to deployment
• Tested and validated architecture
• Detailed implementation guidance
• Integrated, collaborative defense-in-depth
• Supports new Cisco technologies
• Addresses real-world issues
• Provides full lifecycle services

Worldwide Sales Enablement - QuickStart - Security
Access the QuickStart for Security on Sales University or PEC for more resources.

Security Control Framework

The Cisco Security Framework provides a consistent policy deployment and enforcement strategy for the SAFE architecture to enhance visibility and control across each place in the network, and across the entire infrastructure.

[Figure: Security Control Framework diagram with labels Security Devices, Security Solutions, VPNs, Monitoring, PCI, DLP, Threat Control, Firewall, Email Filtering, Admission Control, Intrusion Prevention, Network Devices, Routers, Servers, Switches, Policy and Device Management, Visibility, Identify, Monitor, Correlate, Control, Harden, Isolate, Enforce, Data Center, Campus, WAN Edge, Branch, Internet Edge, Ecommerce, Cisco Virtual Office, Virtual User, Partner Sites, Secured Mobility, Unified Communications, Network Virtualization, Network Foundation Protection, Services]

Visibility:
• Identify and classify users, traffic, and devices
• Monitor and record events and behaviors
• Collect and correlate data from multiple sources
• Identify and detect anomalous traffic and threats
• Classify traffic to apply security controls

Control:
• Harden network and endpoint devices
• Limit access and usage per user, application and device
• Protect against known and unknown threats
• Isolate users, systems, services, and applications
• Collaborative response to anomalous events
• Enforce access controls and security policies, and mitigate security events

Top Customer Objections

Objection: “I don’t have the budget to completely overhaul my entire security infrastructure.”
Answer: “SAFE is modular in design so you can prioritize improvements and focus on critical places in your network first.”

Objection: “What do we do with our current deployment of non-Cisco security products?”
Answer: “While SAFE designs can accommodate non-Cisco security products, it is critical that every component is reassessed in terms of its ability to support business objectives, increase threat visibility, exercise cross-network control, and minimize risk. Cisco services can provide a comprehensive assessment to help you prioritize changes.”

Objection: “Isn’t there a risk with having all my security from a single vendor?”
Answer: “SAFE’s defense-in-depth design combines layered best-of-breed security with powerful collaboration to provide maximum risk reduction.”

Objection: “I don’t have the expertise to deploy something as comprehensive as SAFE.”
Answer: “Cisco Lifecycle Security Services are available for every phase of SAFE implementation, from assessment and design, to deployment and management.”

The Competition

Legacy security competitors, such as CheckPoint and Symantec: Point products lack the ability to collaborate with other security devices or the network infrastructure. Because they are siloed in a single point in a network, they provide limited threat visibility and control.

Network security competitors, such as Juniper: Like point product vendors, devices such as Juniper’s NetScreen are still poorly integrated into the network, so they suffer from poor visibility and control. Furthermore, they often do not provide solutions for many critical business applications and services, such as virtualization or UC.

Cisco SAFE Strategy:
• Focused on solutions and risk management rather than products and features
• Fully tested and validated architecture based on best security practices that cover the entire network
• Emphasizes collaboration between devices and PINS for increased visibility and control
• Designed to secure and enhance business-critical applications and services
• Maximizes customer value by providing design and deployment guidelines for Cisco platforms and capabilities

Additional Resources

Internal: http://wwwin.cisco.com/go/cwc
External: http://www.cisco.com/go/safe