Cisco ISA500 Series
Integrated Security Appliance
Competitive Selling: Cyberoam
Speaker Name and Title
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
• Vendor data used in this documentation is collected from public domains
Cyberoam CR15wi-CR25ia (Small Business)
• Better security—performance and quality (SIO)
• Ease of use with simple design, bundled licensing
• Cost saving with tested Cisco Solution Integration
• Solution portfolio offerings
• Rich routing and switching capabilities in its class
• Competitive performance pricing
• Better service support
Performance (Source: Datasheet)

| | Cisco ISA550 | Cisco ISA570 | Cyberoam CR-15i | Cyberoam CR-25i |
|---|---|---|---|---|
| Firewall Throughput | 200 Mbps | 500 Mbps | 90 Mbps | 225 Mbps |
| VPN Throughput | 75 Mbps | 130 Mbps | 15 Mbps | 30 Mbps |
| Anti-Virus Throughput | 50 Mbps | 80 Mbps | 20 Mbps | 65 Mbps |
| IPS Throughput | 60 Mbps | 90 Mbps | 40 Mbps | 70 Mbps |
| UTM Throughput | 45 Mbps | 75 Mbps | 15 Mbps | 50 Mbps |
• Cisco ISA500 offers better performance for UTM and all other security services
• Security threats change dynamically; threat analysis needs to keep up
• Cisco SIO, an extensive security analysis system, provides unparalleled global threat intelligence for ISA500 to prevent threats and attacks in time
Cisco SIO
• 700k+ sensors all over the globe
• 5 billion web requests per day
• 35% of global email traffic examined
• Millions of live security data feeds collected
• 8 million security updates
• 500+ security analysts (PhDs, CCIEs)
• $100M+ R&D investment within SIO
Cyberoam Research and Development Investment Is Only a Subset of Cisco SIO’s
• No global presence or ‘follow-the-sun’ support
• Total number of company employees is about 600, R&D a small subset of that number
Source: Wikipedia
Cisco ISA500
• Built-in configuration wizards to simplify multiple security service deployments
• Many services can be configured and up and running within minutes
Cyberoam
• User needs to navigate through multiple pages and options to configure security services
• Limited built-in configuration wizard
• PC Magazine Review:
  • Setup is difficult
  • Ports not labeled
  • Configuration requires digging deep into the interface
  • Weak printed documentation
  http://www.pcmag.com/article2/0,2817,2281212,00.asp
Cisco ISA500
• Easy to use navigation interface
• Structured organization
Cyberoam
• Cumbersome to navigate
• Sporadic navigation experiences
Total 10 Navigation Sections and All Are Observable in One Window
• Learnability
• Efficiency
• Memorability
• High learning curve
• Limited configuration wizards (network only)
• Common settings buried deep in many menu levels
• User can enable a security service with a simple mouse click
• No need to have an extensive security background to deploy and secure business networks
High-Speed Uplinks
• ISA500 has Gigabit uplinks on both ISA550 and ISA570 models (including on wireless variants)
• Cyberoam SB UTM products (in this comparison) have no Gigabit uplink options for high-speed WAN access, which may hamper connection speeds
Full LAN Switching
• ISA500 has more switch ports with full 802.1Q support
• Cyberoam products may require additional switch—increases solution cost and potential for integration issues
VPN
• ISA500 supports IPSec VPN clients on many more OS and mobility platforms
• Cyberoam VPN is Windows only
Mounting
• ISA500 gives option for desktop, rack-mount (in box), and wall-mount
• Cyberoam lacks rack-mount options on its low-end products
Network Services
• Cyberoam products lack QoS for differentiated service, which may impact application performance under heavy workloads
• ISA500 implements QoS more comprehensively (not just policy enforcement)
• ISA500 has support for differentiation of network services (improves user experience)
• ISA500 provides more comprehensive wired and wireless network access control with 802.1X
Resiliency
• Cyberoam SB products lack resiliency
• ISA500 has support for dynamic routing + VRRP for redundancy
Licensing
• Cisco ISA500 licensing is simple, affordable, and easier to install
  • Included in base cost of system (turn on what’s needed—when you need it)
  • One license to activate and manage
• Cyberoam licensing is more complicated
  • License modules must be purchased separately, and activating the various services takes multiple steps
  • Extra subscriptions and costs for ‘optional’ security services
Management
• Cyberoam reporting and management tools rely on the purchase of additional central management appliances, which may increase total solution cost
• ISA500 management doesn’t require the purchase of additional systems or appliances
• Cyberoam sells a security box that bolts onto the network, not solutions—no tested interoperability with other infrastructure products
• Cisco offers a more comprehensive SMB portfolio, with components that are quality- and interoperability-tested (voice, video, security, switching, routing, and wireless)
• Customers can add technologies as needed and benefit from Cisco products designed to work together
• Choose ISA500 and avoid the complexity that comes from working with multiple vendors
• Optimized for solution deployment and lower operational cost
Example of Tested Devices: SPA500 Series IP Phones, Cisco ASA5505, Cisco ISR 800, Cisco ASR1004, Cisco UC500, UC320, Cisco RV Routers, SPA100, SPA200, Cisco 100/200/300 Switch, Catalyst 2960/3750, AP500, OnPlus, WAP121/WAP321
Cisco
• Eight product SKUs—easy to understand, manage, and start selling
• Consistent feature sets across models
• “Pay as you go” management solution to start managed service offerings
  • As low as $250 to start managing a customer using Cisco OnPlus
  • More affordable hosted managed services
Cyberoam
• Many product SKU variants—higher learning curve to learn, manage, and sell
• Inconsistent feature sets across models
• IPSec VPN—extra licensing modules
• High upfront cost to start managed service offerings
  • Central console appliance needed for centralized security management
  • Requires self-hosting and management
Warranty
• Cyberoam requires additional $ for 8x5 support
• ISA500 standard warranty includes 8x5 support for first year with Small Business Support contract options to extend support by three years
Documentation
• Cyberoam configuration is complex with weak documentation
• ISA500 has extensive documentation with quick start guides, user and comprehensive administration guides
Support
• Cyberoam services rely on working with multiple vendors
• Cisco offers a single contract point for all product and license purchasing, deployment, maintenance and upgrades
• ISA500 SB products are supported by global Service Center with CCNA certified technicians that troubleshoot whole network, not just a box
• Cisco has rich self-help capabilities through SMB Support Community
Cisco
• Switches: 100, 200, 300, 500 Stackable Series, Catalyst 2900, etc.
• Wireless: 100, 300 Series AP500, AP1100/1200
• Voice Gateway: BE3000, ISR CME SPA100/ATA, etc.
• Router: RV100, 200, ISR800, ISR1900, etc.
• IP Phone: SPA300, SPA500, 7900, etc.
• Security: SA500, ISA500, ASA5505, etc.
• Network Management: OnPlus, CCA, FindIT, Office Manager
Cyberoam
• Only offers security products with very limited wireless and no switch product options

• For Cisco partners, ISA500 offers an additional solution selling opportunity without complicating support models
• For new Cisco partners, the breadth of Cisco products provides growth opportunity for partners without extra effort to develop new vendor relationships
Cisco Advantages
• Superior Security Product: Better Customer Satisfaction
• Easy to Use and Solution Integration: Lower Operational Cost
• Simple to Start Selling: Higher Profitability
• Stable Brand Offering Revenue Growth Potential
Cisco ISA500
• Superior security threat protection with SIO
• Higher UTM (security services) performance
• All Gigabit Ethernet interfaces on all models
• Lower learning curve with simplicity, SMB purposed-built design—feature, GUI, flow
• Fast to deploy with six built-in configuration wizards
• Integrates routing and switching capabilities on all models
• Interoperability tested with other Cisco products and solutions
• Simplified packaging—Eight SKUs, one license only, consistent features
• Manageable by Cisco hosted cloud-based management services—OnPlus/Advanced Security Services
• Pay as you go pricing model with Cisco OnPlus
• $40B+ revenue; 25+ years in industry
• Breadth of Cisco network solution portfolio for great cross-sell opportunity
Cyberoam CR15/25
• Security R&D investment is only a small subset of Cisco’s
• Lower UTM performance
• FE only on all its models
• Complex licensing models not included in base system cost
• “Fit” to SMB (not designed for SMB)
• Limited built-in wizards; more steps required to set up security services
• Inconsistent features among models
• Limited network product portfolio and lack of support for differentiated services
• Requires high upfront cost to start managed service offerings
• Requires resource to host and manage its management appliance
• Channel alignment uncertainty
• Limited network portfolio
Security
• Unrivaled security threat protection with Cisco Security Intelligence Operations (SIO)
• Higher UTM performance
• 802.1x port access control, network reputation, cloud-based gateway AV, etc.
Solution
• Integrated with rich routing and switching capabilities
• Advanced QoS with LLQ helps to optimize converged applications
• Rich LAN switching capabilities make LAN network integration easier
Adaptability
• Purpose-built and simplified design—lowers learning curve, shortens deployments
• Simplified packaging—simplified buying, selling, and maintenance of solution
Partner Profitable
• Manageable by Cisco cloud services, OnPlus and Advanced Security Services
Competitive Performance Pricing
• More ports, higher performance, no extra cost for AV, Email Filtering and VPN services
Feature Comparison (Based on Datasheets)

| Feature | Cisco ISA500 Series (ISA550W, ISA570W) | Cyberoam (CR15i, CR25i, CR35i) |
|---|---|---|
| **Primary Security Requirement: Access Control** | | |
| Firewall | SPI Firewall (Standards-Based) | SPI Firewall (Proprietary Identity-Based) |
| **Security Services** | | |
| Network Reputation Filtering | Yes | No |
| Web-Threat Protection | Yes—Cloud-Based (Cisco SIO) | Yes—Device-Based |
| Web URL Filtering | Yes—Powered by Cisco SIO | Yes—Device-Based |
| IPS | Yes—Included | Yes—Additional $ (Subscription Required) |
| Gateway Anti-Virus (AV) | Yes—Included | Yes—Additional $ (Subscription Required; Kaspersky) |
| SPAM Filter | Yes—Included | Yes—Additional $ (Subscription Required; CommTouch) |
| Application Control | Yes—22+ Categories | Yes—11+ Categories |
| **Usability** | | |
| Configuration Wizards | Yes—More Comprehensive Wizards and Better Usage Scenarios | Only Simple Wizards (Network Only) |
| **Multi-Service Network Support (Voice, Video, Data)** | | |
| Policy-Based Queuing | Yes | No |
| WAN Queuing Strategies | Advanced—Strict Priority, WRR, Low Latency Queuing | Basic—Strict Priority |
| WAN Traffic Classification, Marking | Yes | Yes |
| LAN QoS (802.1p CoS/DSCP) | Yes | No |
| Number of LAN Queues | 4 | No |
| LAN Queuing Strategies | Yes—Strict Priority, Weighted Round Robin, SP+WRR | No |
| LAN Traffic Classification and Marking | Yes—DSP and CoS | No |
| Wireless QoS—802.1e (WMM) | Yes | No |
| Wireless Traffic Classification and Marking | Yes—DSP and CoS | No |
| Number of Wireless Queues | 4 | No |
| WPS (Wi-Fi Protected Setup) | Yes | No |
| Traffic Meter on WAN | Yes | No |
| LAN Switching Support | Yes | No |
Area
Hardware
Cisco
ISA550W
Cisco
ISA570W
WAN
Interface
2 (GE)
2 (GE)
LAN
Interface
Up to 6 (GE)
Up to 9 (GE)
DMZ
Interface
Up to 4 (GE)
Yes
Features
802.11 Wi-Fi
(in Wireless
Model Only)
Cyberoam
CR15wi
Cyberoam
CR25wi
Cyberoam
CR50ia
3 (FE)
Configurable
4 (FE)
Configurable
6 (FE)
Configurable
Up to 4 (GE)
Yes
Yes
Yes
Yes
Yes
Yes
Yes
• With dual WAN on all models, Cisco ISA500 allows all its customers to have WAN redundancy and increases business availability as well as providing LAN switchports
• With DMZ support on all models, Cisco ISA500 enables its customers to set up public facing servers and/or services as needed
Area: Security Services

| Features | Cisco ISA550W | Cisco ISA570W | Cyberoam CR15wi | Cyberoam CR25wi | Cyberoam CR50ia |
|---|---|---|---|---|---|
| Web Threat Protection | Yes—Powered by Cisco Security Intelligence Operation (SIO)* Dynamically from Cloud | Yes—Powered by Cisco Security Intelligence Operation (SIO)* Dynamically from Cloud | Yes—Depends on Device-Based Web Category Database (DB) | Yes—Depends on Device-Based Web Category Database (DB) | Yes—Depends on Device-Based Web Category Database (DB) |
| Web URL Filtering | Yes—Powered by Cisco SIO* | Yes—Powered by Cisco SIO* | Yes—Local DB | Yes—Local DB | Yes—Local DB |
| IPS | Yes | Yes | Yes—Extra Subscription Required ($) | Yes—Extra Subscription Required ($) | Yes—Extra Subscription Required ($) |
| Network Reputation Filter | Yes—Powered by Cisco SIO* | Yes—Powered by Cisco SIO* | No | No | No |
| Gateway Anti-Virus | Yes | Yes | Yes—Extra Subscription Required ($) (Kaspersky) | Yes—Extra Subscription Required ($) (Kaspersky) | Yes—Extra Subscription Required ($) (Kaspersky) |
| Spam Filter | Yes—Powered by Cisco SIO* (Bundled) | Yes—Powered by Cisco SIO* (Bundled) | Yes—Extra Subscription Required ($) (CommTouch) | Yes—Extra Subscription Required ($) (CommTouch) | Yes—Extra Subscription Required ($) (CommTouch) |
| Application Control | Yes (22 Top-Level Categories, Encompassing Comprehensive and Expanding Set of Network Applications) | Yes (22 Top-Level Categories, Encompassing Comprehensive and Expanding Set of Network Applications) | Yes (11 Categories) | Yes (11 Categories) | Yes (11 Categories) |
| Area | Features | Cisco ISA550W | Cisco ISA570W | Cyberoam CR15wi | Cyberoam CR25wi | Cyberoam CR50ia |
|---|---|---|---|---|---|---|
| Performance* | Firewall Throughput | 200 Mbps | 500 Mbps | 90 Mbps (TCP), 150 Mbps (UDP) | 225 Mbps (TCP), 450 Mbps (UDP) | 750 Mbps (TCP), 1000 Mbps (UDP) |
| Performance* | VPN Throughput | 80 Mbps | 130 Mbps | 15 Mbps (3DES) | 30 Mbps (3DES) | 60 Mbps (3DES) |
| Performance* | Anti-Virus Throughput | 60 Mbps | 100 Mbps | 20 Mbps | 65 Mbps | 150 Mbps |
| Performance* | IPS Throughput | 75 Mbps | 130 Mbps | 40 Mbps | 70 Mbps | 200 Mbps |
| Performance* | UTM Throughput | 45 Mbps | 80 Mbps | 15 Mbps | 50 Mbps | 130 Mbps |
| Performance* | Concurrent Sessions | 15,000 | 40,000 | 30,000 | 130,000 | 220,000 |
| VPN | Site-to-Site VPN Tunnel | 50 | 100 | Not Documented | Not Documented | Not Documented |
| VPN | IPSec VPN Client Support | 50 (License Included) | 100 (License Included) | Not Documented | Not Documented | Not Documented |
| VPN | SSL VPN Client Support/Recommended | 25 (License Included) | 50 (License Included) | Not Documented | Not Documented | Not Documented |
*Performance data are based on vendor’s datasheet. The actual performance number may vary based on testing environment.
Area: Network Services

| Features | Cisco ISA550W | Cisco ISA570W | Cyberoam CR15wi | Cyberoam CR25wi | Cyberoam CR50ia |
|---|---|---|---|---|---|
| WAN Failover | Yes | Yes | Yes | Yes | Yes |
| Dynamic Routing Protocol | RIPv1/v2 | RIPv1/v2 | RIPv1&v2, OSPF, BGP | RIPv1&v2, OSPF, BGP | RIPv1&v2, OSPF, BGP |
| Policy-Based Routing | Yes | Yes | No | No | No |
| Advanced NAT | Yes | Yes | Yes | Yes | Yes |
| DHCP Server | Yes | Yes | Yes | Yes | Yes |
| IP to MAC Binding | Yes | Yes | Yes | Yes | Yes |
| VLAN Support | Yes | Yes | Yes | Yes | Yes |
| LAN Switching Support | Yes (Including SPT) | Yes (Including SPT) | No | No | No |
| Rate-Limiting (WAN) | Yes (App-Based Planned) | Yes (App-Based Planned) | Yes | Yes | Yes |
| Traffic Prioritization—Queuing (WAN) | SP, WRR, LLQ | SP, WRR, LLQ | Yes | Yes | Yes |
| Traffic Shaping (WAN) | No | No | No | No | No |
| LAN QoS (802.1p CoS/DSCP Based) | Queuing with SP, WRR, LLQ | Queuing with SP, WRR, LLQ | No | No | No |
| Wireless QoS—802.1e (WMM) | Yes | Yes | No | No | No |
| WPS (Wi-Fi Protected Setup) | Yes | Yes | No | No | No |
| VRRP | Yes | Yes | No | No | No |
| Traffic Meter on WAN | Yes | Yes | No | No | No |
| Area | Features | Cisco ISA550W | Cisco ISA570W | Cyberoam CR15wi | Cyberoam CR25wi | Cyberoam CR50ia |
|---|---|---|---|---|---|---|
| Management | Device GUI | Yes | Yes | Yes | Yes | Yes |
| Management | Configuration Wizards | Yes | Yes | Yes | Yes | Yes |
| Management | Centralized Management Tool | Cloud-Based Tool—OnPlus | Cloud-Based Tool—OnPlus | Hardware Appliance (for Security Only) | Hardware Appliance (for Security Only) | Hardware Appliance (for Security Only) |
| Management | Automatic New Firmware Detection and Alerting | Yes | Yes | No | No | No |
| Mounting Options | Rack Mount | Yes | Yes | No | No | Yes |
| Support | Hours | 8x5 + Web-Based Support Community | 8x5 + Web-Based Support Community | 8x5—Extra Subscription Required ($) | 8x5—Extra Subscription Required ($) | 8x5—Extra Subscription Required ($) |
• Cisco ISA500 is supported by the Cisco-hosted cloud management service OnPlus, which enables partners to manage customers’ entire networks, not just security devices
• Cisco OnPlus, with its “pay as you go” pricing model, makes it easy for partners to start managed service offerings—no upfront cost and no hassle of maintaining a network management appliance on their premises
• Cisco is the market share leader in the overall network appliance security market*
• Cisco is the top player in multiple Magic Quadrants, including web and email security, where we play**
• Breadth of product portfolio in all network areas, not just security
• Dedicated support teams for SMB market simplifying solution support
• Company (channel strategy) and financial stability—$45B+ revenue; 25+ years in industry
Leadership, Growth, Stability
Sources:
*Infonetics
**Gartner MQ Report 2011
Thank you.
Simplicity Design of Cisco ISA500 Reduces Time and Cost to Complete a Sale
[Figure: Revenue from Sell, Cost/Expense to Sell, and Profitability plotted against Time Spent. Tasks to Sell: Understand Product Offering (Partner Self), Education Customer, Setup, Deployment, Maintenance, Support.]
• Cisco OnPlus
• Built-in configuration wizards
• Solution tested
• Easy to navigate
• Simplified flow
• Consistent features set
• SMB focused features
• One license to manage
• Simplified SKUs
[Charts: Firewall Throughput Comparison, UTM Throughput Comparison, Anti-Virus Throughput Comparison, and IPS Throughput Comparison. Devices shown: CR25wi, CR15wi, ISA570, ISA550. Horizontal axis: Mbps.]
• VPN Throughput is quite poor compared to Cisco ISA500
VPN Throughput Comparison (Mbps)
• CR25wi: 30
• CR15wi: 15
• ISA570: 130
• ISA550: 75
Licensing
• Cyberoam has extra costs for ‘optional’ security services, requiring subscriptions that license services from 3rd parties
  • Anti-virus/anti-malware (Kaspersky)
  • Gateway anti-spam services (CommTouch)
  • IPSec VPN—extra licensing modules
• ISA500 licensing is simple, affordable, and easier to install (included in base cost of system—no extras)
Reporting
• Cyberoam reporting and management tools also require purchase of additional central management appliances and licensing
• ISA500 offers similar functionality through Cisco OnPlus with more cost effective and scalable remote management/reporting