Cisco Quick Hit Briefing
Become a Cisco Security Sales Guru - Master the Cisco Security Portfolio
This session was recorded via Cisco WebEx! You can watch the live session recording via the following URL:
https://acecloud.webex.com/acecloud/lsr.php?RCID=48db113ab90b4883aef8d5641c47d8ca
Thanks for your interest and participation!
Connect using the audio conference box or you can call into the meeting:
1. Toll-Free: (866) 432-9903
2. Enter Meeting ID: 200 422 227 and your attendee ID number.
3. Press “1” to join the conference.
Presentation Agenda
► Quick Hits and Customer Education
► Security in the 21st Century
► There’s Big Money in Hacking
► Become a Cisco Security Sales Guru!
► Conclusion
About Your Host
Brian Avery
Territory Business Manager, Cisco Systems, Inc.
bravery@cisco.com
What Is a Quick Hit Briefing?
• A weekly partner briefing series designed for Cisco Commercial Territory partners
• Concise, relevant updates on:
  • Cisco products and solutions
  • Partner programs and promotions
  • Partner Enablement – Demand Generation, Selling Skills, Closing Tools, etc.
• Welcome to Quick Hit Briefing #132 – 26,667 attendees and growing!
Next Quick Hit Briefing
Be a Network Super Hero with Cisco IWAN Solutions
Thursday Oct 1st, 2015 at 9:30 ET
Check http://cs.co/quickhit for registration links and replays
C97-731719-02 © 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
NEW! Cisco Customer Education Series (CCE)

Customer-facing WebEx Events - Let us sell for you!

Next event – Wednesday Oct 7th @ 1:30 p.m.
Hackers, Botnets and Malware - Oh My! Battle 21st Century Threats
with Cisco Next-Gen Security

Registration link | Invitation

Invite your customers to attend and we will notify you if they do!

Access registration links, replays at: http://cs.co/cisco101
Security in the 21st Century
Remember This Movie?
http://www.imdb.com/title/tt0086567/
Setec Astronomy!
http://www.imdb.com/title/tt0105435/
There’s Big Money in Hacking
The Industrialization of Hacking
[Figure: timeline from 1990 to 2020, moving from "Phishing, Low Sophistication" through "Hacking Becomes an Industry" to "Sophisticated Attacks, Complex Landscape"]
• Viruses: 1990–2000
• Worms: 2000–2005
• Spyware and Rootkits: 2005–Today
• APTs Cyberware: Today +
The Problem is “The Easy Button”
1,000,000
70,000,000
56,000,000
2,600,000
1,100,000
Total Breaches in 2014 - 783
Records Exposed – 85,611,528
As of 12/31/2014 http://www.idtheftcenter.org/images/breach/DataBreachReports_2014.pdf
Attack Vectors
• Virus
• Trojan
• Worm
• Phishing
• Social Engineering
• Malware
• Spyware
• Botnets
• Hacking
• Malicious Web Sites
• OS Vulnerabilities
• So much more…
Your customer says…
“I am just a small fish in a BIG pond.”
Yet organizations of every size are targets
Adversaries are attacking you
By targeting your organization’s:
• Customer data
• Intellectual property
• Company secrets
And using you
To attack your enterprise customers and partners:
• 41% of targeted attacks are against organizations with fewer than 500 employees (July 2014, The National Cyber Security Alliance (NCSA))
• 60% of UK small businesses were compromised in 2014 (2014 Information Security Breaches Survey)
• 100% of corporate networks examined had malicious traffic (Cisco 2014 Annual Security Report)
Dynamic Threat Landscape
It is a Community that hides in plain sight, avoids detection, and attacks swiftly
• 60% of data is stolen in hours
• 54% of breaches remain undiscovered for months
• 100% of companies connect to domains that host malicious files or services
The Question Is No Longer if Malware Will Get Into Your Network
It’s How Quickly You Can Detect the Infection, Understand Scope, and Remediate the Problem
[Figure: malware incident response workflow]
Questions asked along the workflow:
• Where do I start?
• How bad is the situation?
• What systems were affected?
• What did the threat do?
• How do we recover?
• How do we keep it from happening again?
Workflow stages and steps:
• Confirm Infection: Notification, Quarantine, Triage, Confirm, Stop (Infection Identified / No Infection / Cannot Identify Infection)
• Analyze Malware: Build Test Bed, Static & Dynamic Analysis, Device Analysis, Network Analysis, Proliferation Analysis
• Malware Proliferation: Malware Profile, Update Profile
• Remediate
• Search for Re-infection: Define Rules (from profile), Search Network Traffic, Search Device Logs, Scan Devices
If you knew you were going to be compromised, would you do security differently?
Become a Cisco Security Sales Guru!
Defending Against These Advanced Threats
Requires Greater Visibility and Control Across the Full Attack Continuum
Attack Continuum
• Before: Discover, Enforce, Harden
• During: Detect, Block, Defend
• After: Scope, Contain, Remediate
Coverage: Network, Endpoint, Mobile, Virtual, Cloud, Email & Web
Point in Time | Continuous
Products shown across the Attack Continuum:
• ASA
• VPN
• NGIPS
• Advanced Malware Protection
• NGFW
• Meraki
• ESA/WSA
• Network as Enforcer
• CWS
• ThreatGRID
• Secure Access + Identity Services
• FireSIGHT and pxGrid
Before
Deploy the smartest threat defense available
Talos
• Identify advanced threats quickly with industry-leading threat research
• Get industry-specific threat intelligence tailored to your business
• Catch advanced threats endpoints miss with Cisco’s reverse engineers and threat analysts
• Stay protected against the latest threats with regular updates pushed automatically
Threat Intelligence
• Monitors 35% of the world’s email traffic
• Performs 4.9 billion AV and web filtering blocks per month
• Receives 1.1 million incoming malware samples daily
• Processes 100 terabytes of security intelligence daily
Sources: WWW, Email, Endpoints, Web, Networks, NGIPS, Devices
Research | Response
600+ Researchers
24x7x365 Operations
After
Advanced Malware Protection
Cisco Advanced Malware Protection
Built on Unmatched Collective Security Intelligence
Cisco® Collective Security Intelligence Cloud
Sources: WWW, Email, Endpoints, Web, Networks, IPS, Devices
• 1.6 million global sensors
• 13 billion web requests
• 100 TB of data received per day
• 24x7x365 operations
• 150 million+ deployed endpoints
• 4.3 billion web blocks per day
• 600 engineers, technicians, and researchers
• 35% worldwide email traffic
• 40+ languages
• 1.1 million incoming malware samples per day
• Automatic Updates every 3-5 minutes
Talos Security Intelligence
AMP Threat Grid Intelligence
AMP Threat Grid Dynamic Analysis: 10 million files/month
• Advanced Microsoft and Industry Disclosures
• AMP Community
• Snort and ClamAV Open Source Communities
• Private/Public Threat Feeds
• AEGIS Program
AMP: Advanced Malware Protection
AMP Delivers Integrated…
• Additional Point-in-Time Protection: File Reputation and Sandboxing
• Retrospective Security: Continuous Analysis
AMP Strengthens the First Line of Detection
All detection is less than 100%
• One-to-One Signature
• Fuzzy Fingerprinting
• Machine Learning
• Advanced Analytics
• Dynamic Analysis
Reputation Filtering and File Sandboxing
With Real-Time Malware Scanning
Dynamic Vectoring and Streaming
Anti-Malware Scanning
► Optimizes efficiency and catch rate with intelligent multi-scanning
► Enhances coverage with multiple signature scanning engines
► Identifies encrypted malicious traffic by decrypting and scanning SSL traffic
► Improves user experience with parallel scanning for fastest analysis
► Provides the latest coverage with automated updates
Signature and Heuristic Analysis
• Heuristics Detection: Identify Unusual Behaviors
• Signature Inspection: Identify Known Behaviors
Multiple Anti-malware Scanning Engines
Parallel Scans, Stream Scanning
AMP Provides Contextual Awareness and Visibility
That Allows You to Take Control of an Attack Before It Causes Damage
• Who: Focus on these users first
• What: These applications are affected
• Where: The breach affected these areas
• When: This is the scope of exposure over time
• How: Here is the origin and progression of the threat
And Continues to Analyze What Happens Along the Attack Continuum
Breadth and Control points: WWW, Email, Endpoints, Web, Network, IPS, Devices
Telemetry Stream (continuous feed):
• File Fingerprint and Metadata
• File and Network I/O
• Process Information
Continuous analysis:
• Retrospective Detection
• Threat Hunting
• Trajectory
• Behavioral Indications of Compromise
Talos + Threat Grid Intelligence
And the Power to Surgically Contain and Remediate
There Are Several Ways You Can Deploy AMP
AMP (Advanced Malware Protection) Deployment Options

Email and Web; AMP on Cisco® ASA; CWS
• Method: License with ESA, WSA, CWS, or ASA customers
• Ideal for: New or existing Cisco CWS, Email/Web Security, ASA customers
• Details:
  • ESA/WSA: Prime visibility into email/web
  • CWS: web and advanced malware protection in a cloud-delivered service
  • AMP capabilities on ASA with FirePOWER Services

AMP for Networks (AMP on FirePOWER Network Appliance)
• Method: Snap into your network
• Ideal for: IPS/NGFW customers
• Details:
  • Wide visibility inside network
  • Broad selection of features - before, during, and after an attack

AMP for Endpoints (PC/MAC, Mobile, Virtual)
• Method: Install lightweight connector on endpoints
• Ideal for: Windows, Mac, Android, virtual machines
• Details:
  • Comprehensive threat protection and response
  • Granular visibility and control
  • Widest selection of AMP features

AMP Private Cloud Virtual Appliance
• Method: On-premises Virtual Appliance
• Ideal for: High-Privacy Environments
• Details:
  • Private Cloud option for those with high-privacy requirements
  • For endpoints and networks
Cisco Web Security
Web Security Is More Important Than Ever Before
• The web is a popular attack vector for criminals
• Without proper control, your own users can put your business at risk
• Increased cloud adoption creates greater vulnerabilities
Money, Jobs, and Company Reputations Are on the Line
Heartbleed, String of Pearls, Zeus, Shell Shock
Breach of security | Breach of trust | Compromise of the business
Cisco Web Security Delivers…
• Comprehensive Defense: Defend and control with best-in-class, cloud-delivered web security
• Advanced Threat Protection: Protect against advanced threats with adaptive web security
• Superior Flexibility: Deploy, manage, and scale easily to fit your business
It Starts with Usage Controls and an Active Defense
Comprehensive Defense
Web Usage Control
• Web Filtering: Block over 50 million known malicious sites
• Web Reputation: Restrict access to sites based on assigned reputation score
• Dynamic Content Analysis: Categorize webpage content and block sites automatically
• Web Usage Reporting: Gain greater visibility into how web resources are used
• Application Visibility and Control: Regulate access to individual website components and apps
• Outbreak Intelligence: Identify unknown malware and zero-hour outbreaks in real time
• Centralized Cloud Management: Enforce policies from a single, centralized location
• Roaming Laptop-User Protection: Extend security beyond the network to include mobile users
And Combats Evolving Threats and Advanced Malware
Advanced Threat Protection
Cisco® Advanced Malware Protection (AMP)
• File Reputation: Increase the accuracy of threat detection by examining every aspect of a file
• File Sandboxing: Determine the malicious intent of a file before it enters the network
• File Retrospection: Identify a breach faster by tracking a file’s disposition over time
The Solution Works with Your Evolving Business Model
Superior Flexibility
Multiple Traffic Redirection Methods: ISR G2, ASA / ASAv, AnyConnect®, WSA / WSAv, Standalone
Connect Cisco® CWS to your current infrastructure
True Security as a Service
Manage CapEx and OpEx as your business grows
Cisco Web Security with AMP
Built on Talos: Superior Security Intelligence
Sourcefire® Vulnerability Research Team (VRT), Cisco® SIO, Talos
Sources: WWW, Email, Endpoints, Web, Networks, IPS, Devices
• 180,000+ file samples per day
• FireAMP™ community
• 1.6 million global sensors
• 35% worldwide email traffic
• 100 TB of data received per day
• 13 billion web requests
• 150 million+ deployed endpoints
• 24-hour daily operations
• 600+ engineers, technicians, and researchers
• 40+ languages
• Advanced Microsoft and industry disclosures
• Snort and ClamAV open source communities
• Honeypots
• Sourcefire AEGIS™ program
• Private and public threat feeds
• Dynamic analysis
WSA or CWS
Reputation Analysis
The Power of Real-Time Context
[Figure: IP Reputation Score scale from -10 to 10, built from Who, Where, How and When context]
• Who: Suspicious Domain Owner (17.0.2.12, example.com, Example.org, 192.1.0.68)
• Where: Server in High Risk Location (Kiev, San Jose, London, Beijing)
• How: Dynamic IP Address (HTTPS, HTTP, SSL, Web Server)
• When: Domain Registered < 1 Month
Loss of Productivity Is a Threat
How Much Bandwidth and Time Is Being Wasted?
• Facebook time: 2,110,516 minutes or 35,175 hours, 1465 days, 4.1 years
• # of Facebook likes: 3,925,407 at 1 second per like. That’s almost 1100 hours per day, or 45 days just liking things
• Bytes on YouTube video playback: 11,344,463,363,245 or 10 TB
• Pandora: 713,884,303,727 or 0.6 TB
• Total browsing time per day: 2,270,690,423 or 4,320 years
• Total bytes per day: 70,702,617,989,737 or 64 TB; over 15% from YouTube
Source: Cloud Web Security Report
Time and Volume Quotas
Intelligent Controls of Bandwidth Usage
► Control web usage to meet administrative policies, such as:
- Total bandwidth used during work hours
- Total bandwidth per day used for social media categories
► Configure policies to restrict access based on the amount of data (in bytes) and time
► Quotas are applicable to HTTP, HTTPS, and FTP traffic
► Configured under access policies and decryption policies
► Create custom end-user notifications that warn when a quota is close, as well as when it is exceeded
Acceptable Use Controls
Beyond URL Filtering
URL Filtering
► Constantly updated URL database covering over 50 million sites worldwide
► Real-time dynamic categorization for unknown URLs
Application Visibility and Control (AVC)
► Control over mobile, collaborative, and web 2.0 applications
► Assured policy control over which apps can be used by which users and devices
► Granular enforcement of behaviors within applications
► Visibility of activity across the network
Hundreds of Apps | 150,000+ Micro-Apps | Application Behavior
Next-Generation Firewall
The Problem with Legacy Next-Generation Firewalls
Focus on the Apps… …but miss the threat
Legacy NGFWs can reduce attack surface area but advanced malware often evades security controls.
Traditionally your security options have been limited
• Unified Threat Management (UTM)
• Multiple Point Solutions: Stateful Firewall, VPN, Malware Analysis
• Limited threat effectiveness
• Difficult integrations leave security gaps
• Costly & time-consuming setup and support
Only Cisco delivers a threat-focused NGFW
• Superior Protection: Threat-centric defense across the attack continuum
• Simplified Management: Extensive control through a simpler user experience
• Exceptional Value: Low TCO with enterprise-grade protection
Cisco ASA with FirePOWER Services Next-Generation Firewall (NGFW)
• Application Visibility and Control (AVC)
• Next-Gen Intrusion Prevention System (NGIPS)
• Advanced Malware Protection (AMP)
• URL Filtering
Before
Reduce your threat exposure
• Network Firewalling: Block unauthorized access and activity by controlling traffic flow
• Application Visibility and Control (AVC): Tailor application behavior to reduce attack surface and risk of data loss
• URL Filtering: Restrict access to specific sites and sub-sites, as well as categories of sites
• VPN Capabilities: Protect both site-to-site connections and remote users with granular control
Next Generation Intrusion Prevention System (NGIPS)
Detect and prevent threats from entering your network
No other NGFW offers this level of visibility
The more infrastructure you see, the better protection you get
[Figure: visibility comparison of Typical IPS, Typical NGFW and Cisco ASA with FirePOWER Services]
Items shown: Client applications, Operating systems, C&C Servers, Mobile Devices, File transfers, Threats, Users, Routers & switches, Application protocols, Web applications, Printers, Malware, Network Servers, VOIP phones
After
And remediate quickly after a breach
Advanced Malware Protection (AMP)
Continuous analysis + retrospective security
• Reduce clean-up time from weeks to hours with AMP everywhere
• Identify malware and suspicious files through behavioral indicators
• Eliminate infections by turning back the clock
You cannot protect what you cannot see …
Cisco ASA with FirePOWER Services
Base Hardware
• New ASA 5585-X Bundle SKUs with FirePOWER Services Module
• New ASA 5500-X SKUs running FirePOWER Services Software
• FirePOWER Services Spare Module/Blade for ASA 5585-X Series
• FirePOWER Services Software
• Hardware includes Application Visibility and Control (AVC)
Security Subscription Services
• IPS, URL, Advanced Malware Protection (AMP) Subscription Services
• One- and Three-Year Term Options
Management
• FireSIGHT Management Center (HW Appliance or Virtual)
• Cisco Security Manager (CSM) or ASDM
Support
• SmartNET
• Software Application Support plus Upgrades
Extend the value of your NGFW
Start with the hardware option that fits best
All with built-in Application Visibility and Control (AVC), network firewalling, and VPN capabilities
• Desktop: 5506-X
• Wireless AP: 5506W-X
• Ruggedized: 5506H-X
• Rackmount: 5508-X/5516-X
Add FirePOWER Services* for enhanced protection
• Advanced Malware Protection (AMP)
• Next-Generation Intrusion Prevention System (NGIPS)
• URL Filtering
*Available as subscriptions
Choose the appropriate management solution
• Adaptive Security Device Manager (ASDM): On-box manager comes standard
• FireSIGHT Management Center: Appliance sold separately
Start with the right appliance
Models: ASA 5506-X / ASA 5506W-X / ASA 5506H-X / ASA 5508-X and ASA 5516-X
• Description: Desktop Model, 100% NGFW; best for ASA 5505-X refreshes / Integrated Wireless AP: Wireless can be managed locally or through WLC / Ruggedized: NGFW for industrial control and critical infrastructure / Higher Performance 1 RU; New value-focused price-performance points
• Form Factor: Desktop / Desktop / Rack Mount or Wall Mount / 1RU
• CPU: Multicore @ 1.25GHz / Multicore @ 1.25GHz / Multicore @ 1.25GHz / 5508: Multicore @ 2GHz, 5516: Multicore @ 2.4GHz
• Memory – RAM: 4GB / 4GB / 4GB / 8GB
• Storage: 64GB / 64GB / 64GB / 120GB
• Flash: 8GB / 8GB / 8GB / 8GB
• Data ports: 8x1G (all L3 interfaces) / 8 External, 1 AP / 4x1G / 8x1G (all L3 interfaces)
• Security Context: No / No / No / Yes
• FirePOWER Services: Yes / Yes / Yes / Yes
Cisco Trust Anchor validates the source of the image file and protects against hardware tampering and counterfeiting
To get the performance you need
Features: ASA 5506-X (5506H-X | 5506W-X) / ASA 5508-X / ASA 5516-X
Model-to-model step shown on the slide: ~1.5x to 2x
• Max Stateful Firewall throughput: 750 Mbps / 1 Gbps / 1.8 Gbps
• VPN throughput: 100 Mbps / 175 Mbps / 250 Mbps
• Max AVC throughput: 250 Mbps / 450 Mbps / 850 Mbps
• Max AVC and NGIPS throughput: 125 Mbps / 250 Mbps / 450 Mbps
• AVC or IPS sizing throughput [440B]: 90 Mbps / 180 Mbps / 300 Mbps
• Max concurrent sessions: 50,000¹ / 100,000 / 250,000
• Max CPS: 5000 / 10000 / 20000
AnyConnect
Cisco AnyConnect Secure Mobility Client
Extending Control of Context to the Endpoint
Simply and securely work anywhere on any device
Helps ensure endpoint integrity
Provides automatic secure connectivity
• Delivers reliable and transparent secure remote access for the off-premises users
• All major devices supported (PC, Mac, Android, iOS, more)
• Multiple authentication options
• Comprehensive posture checks
• End-to-end encryption
• Integrated web security
• Per-app VPN for mobile
Differentiate Mobile Access
Connect Only Approved Applications over VPN
Selectively Tunnels Traffic Through VPN
• Provides a fast, convenient and flexible approach to turn on Advanced Malware Protection (AMP)
• Reduce the potential for nonapproved applications to compromise enterprise data
• Support a range of remote users and endpoints (employees, partners, contractors), streamlining IT operations
[Figure: applications shown around the VPN tunnel: www, Facebook, Verint, SAP, SharePoint, LinkedIn, Microsoft Office]
Streamline Endpoint Compliance
Posture Check and Secure VPN Access with Unified Agent and Cisco ISE 1.3
• Supports device posture and authorization across multiple access methods
• Simplifies management with only one agent to manage
• Prevents noncompliant devices from accessing the network
Simplified Connectivity
Always-on User Experience
• Automatically negotiates a hotspot, with no user intervention required
• Selects optimal gateway to deliver high-performance access
• Enforces enterprise connection by authorizing right user and device
Off Premises
Advanced Secure Endpoint Access
Protect More for Today’s Threat-Centric Environment
• Check posture and remediate to help ensure compliance
• Web Security: Filter for web threats (appliance or cloud) to enhance security
• Encrypts data in motion, offering additional protection
Network as Enforcer
You Can’t Protect What You Can’t See
The Network Gives Deep and Broad Visibility
What Can the Network Do for You?
Network as Sensor
Detect Anomalous Traffic Flows, Malware
e.g. Communication with Malicious Hosts, Internal Malware Propagation, Data Exfiltration
Detect App Usage, User Access Policy Violations
e.g. Maintenance Contractor Accessing Financial Data
Detect Rogue Devices, APs and More
e.g. Maintenance Contractor Connecting an Unauthorized AP in Bank Branch to Breach
NetFlow – The Heart of Network as a Sensor
Path to Self Learning Networks
A Powerful Information Source for Every Network Conversation
• Each and Every Network Conversation over an Extended Period of Time
• Source and Destination IP Address, IP Ports, Time, Data Transferred, and More
• Stored for Future Analysis
A Critical Tool to Identify a Security Breach
• Identify Anomalous Activity
• Reconstruct the Sequence of Events
• Forensic Evidence and Regulatory Compliance
• NetFlow for Full Details, NetFlow-Lite for 1/n Samples
Network Flows are Attack Signatures
NetFlow – The Heart of Network as a Sensor
Example: NetFlow Alerts With Lancope StealthWatch
• Network Scanning: TCP, UDP, Port Scanning Across Multiple Hosts
• Botnet Detection: When Inside Host Talks to Outside C&C Server for an Extended Period of Time
• Denial of Service: SYN Half Open; ICMP/UDP/Port Flood
• Fragmentation Attack: Host Sending Abnormal # Malformed Fragments
• Host Reputation Change: Inside Host Potentially Compromised or Received Abnormal Scans or Other Malicious Attacks
• Worm Propagation: Worm Infected Host Scans and Connects to the Same Port Across Multiple Subnets, Other Hosts Imitate the Same Above Behavior
• Data Exfiltration: Large Outbound File Transfer VS. Baseline
NetFlow – The Heart of Network as a Sensor
NetFlow in Action: As an Attack Progresses
Breach Stages and Detection
1. Vulnerability Exploration: Attacker Scans IP Addresses and Ports to Explore Vulnerabilities (OS, User, App.)
   • NetFlow Can Detect on Scans Across IP Address Ranges
   • NetFlow Can Detect on Scans Down IP Ports on Every IP Address
2. Install Malware on 1st Host: Attacker Installs Software to Gain Access
   • NetFlow Can Detect on Inbound Admin Traffic From an Unexpected Location
3. Connection to “Command and Control”: Malware Creates Outbound Connection With C&C System for Further Instructions
   • NetFlow Can Detect Outbound Connections to Known C&C IP Addresses
4. Spreading Malware to Other Hosts: Attack Other Systems on the Intranet Through Vulnerability Exploitation
   • NetFlow Can Detect Scans Across IP Address Ranges by Internal Hosts
   • NetFlow Can Detect Scans Down IP Ports on Every IP Address by Internal Hosts
5. Data Exfiltration: Export Data to a 3rd Party Server
   • NetFlow Can Detect Extended Flows (HTTP, FTP, GETMAIL, MAPIGET and More) and Data Transfer to New External Hosts
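The flow-based detections listed for the breach stages above, run over a small set of constructed flow records. This is an added example, not part of the briefing and not code from any Cisco or Lancope product; the internal address range, thresholds, baseline figures, C&C placeholder address and all function names are assumptions.

```python
"""Flow-record checks for scan, C&C and exfiltration stages (constructed data)."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")   # assumption: the organization's address space
KNOWN_C2 = {"203.0.113.66"}           # placeholder C&C list (documentation range)

# Assumed per-host baseline of outbound bytes per reporting window,
# and external hosts already seen in earlier windows.
BASELINE_BYTES = {"10.1.1.5": 5_000_000, "10.1.1.7": 50_000}
SEEN_EXTERNAL = {"198.51.100.80"}

# Constructed flow records: (src, dst, dst_port, bytes_sent)
FLOWS = (
    # Stages 1 and 4: one host probes TCP/445 across a subnet
    [("10.1.1.5", f"10.1.2.{i}", 445, 120) for i in range(1, 31)]
    # Stages 1 and 4: one host walks the ports of a single target
    + [("10.1.1.6", "10.1.2.9", port, 60) for port in range(20, 60)]
    # Stage 3: repeated small connections to a known C&C address
    + [("10.1.1.5", "203.0.113.66", 443, 900)] * 3
    # Stage 5: large FTP upload to an external host never seen before
    + [("10.1.1.5", "198.51.100.20", 21, 750_000_000)]
    # Ordinary traffic that must not alert
    + [("10.1.1.7", "198.51.100.80", 443, 40_000),
       ("10.1.1.7", "10.1.2.9", 445, 5_000)]
)


def is_internal(addr):
    return ip_address(addr) in INTERNAL


def address_range_scans(flows, min_hosts=20):
    """Scan across an IP range: one source, one port, many destinations."""
    targets = defaultdict(set)
    for src, dst, port, _ in flows:
        targets[(src, port)].add(dst)
    return {key: len(dsts) for key, dsts in targets.items()
            if len(dsts) >= min_hosts}


def port_scans(flows, min_ports=25):
    """Scan down the ports: one source, one destination, many ports."""
    ports = defaultdict(set)
    for src, dst, port, _ in flows:
        ports[(src, dst)].add(port)
    return {key: len(seen) for key, seen in ports.items()
            if len(seen) >= min_ports}


def c2_connections(flows, known_c2=KNOWN_C2):
    """Internal hosts with outbound flows to a known C&C address."""
    return sorted({src for src, dst, _, _ in flows
                   if is_internal(src) and dst in known_c2})


def exfil_candidates(flows, baseline=BASELINE_BYTES,
                     seen_external=SEEN_EXTERNAL, factor=10):
    """Outbound volume to a new external host far above the host's baseline."""
    sent = defaultdict(int)
    for src, dst, _, nbytes in flows:
        if is_internal(src) and not is_internal(dst) and dst not in seen_external:
            sent[(src, dst)] += nbytes
    return {key: total for key, total in sent.items()
            if total > factor * baseline.get(key[0], 0)}


if __name__ == "__main__":
    print("range scans :", address_range_scans(FLOWS))
    print("port scans  :", port_scans(FLOWS))
    print("C&C contacts:", c2_connections(FLOWS))
    print("exfiltration:", exfil_candidates(FLOWS))
```

Stage 2 (inbound admin traffic from an unexpected location) needs a list of expected management sources, which the briefing does not describe, so it is left out here.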
What Can the Network Do for You?
Network as Enforcer
Segment the Network to Contain the Attack
TrustSec - Secure Group Tagging, VRF, ISE and More
Encrypt the Traffic to Protect the Data in Motion
MACsec for Wired, DTLS for Wireless, IPSec/SSL for WAN and More
Secure The Branch and Remote Users for Direct
Internet Access
Anyconnect, IWAN, Cloud Web Security and More
Identity Services
Cisco Identity Services Engine (ISE)
NETWORK / USER CONTEXT: Who, What, When, Where, How
INTEGRATED PARTNER ECOSYSTEM
Access Policy: Guest, Visitor, BYOD, Employee, User, CXO Level, Secure Access, Compromised Device
• MINIMIZE NETWORK UNKNOWNS
• REDUCE YOUR ATTACK SURFACE
• ENFORCE THE RIGHT LEVEL OF ACCESS CONTROL
• CONTAIN MALICIOUS NETWORK THREATS
Role-Based Secure Access with ISE
• Who: Doctor | What: Laptop | Where: Office - Confidential Patient Records
• Who: Doctor | What: iPad | Where: Office - Internal Employee Intranet
• Who: Guest | What: iPad | Where: Office - Internet
• Acquires Important Context & Identity from the Network
• Implements Context-Aware Classification & Policy
• Provides Differentiated Access to the Network
Streamlining BYOD and Enterprise Mobility
Reducing the Complexity of Managing BYOD and Device Onboarding
Improved Device Recognition
Desktop
& Mobile
Ready!
Integrated Native Certificate Authority for Devices
Customizable Branded Experiences
Easy User Onboarding with Self-Service Device Portals
Comprehensive Device Security with Posture and EMM
Supports 1M Registered Endpoints and 250K ACTIVE, Concurrent Endpoints
Dynamic Control with Rich Contextual Profiling
Simple Identity Simply Isn’t Helpful Enough Anymore
POOR context awareness: “Simple Identity”
• Who are you? IP Address 192.168.1.51
RESULT: Any user, Any device, Anywhere gets on the network
EXTENSIVE context awareness: “RICHER Identity”
• Who? Bob
• Where? Building 200, 1st Floor
• What? Tablet
• When? 11:00 AM EST on April 10th
RESULT: The Right user, on Right device, from the Right place is granted the RIGHT ACCESS
Enterprise Mobility Management Integrations
Enforce True Device Compliance for All Mobile Devices
• Sees unregistered devices on the network? Sees ALL devices on the network
• Forces EMM Policy Compliance? Requires devices to comply with EMM policy
• Keeps noncompliant devices off network? Provides guest access to non-EMM devices
EMM SOLUTION: Secures Actual Device
Cisco ISE: Secures Network Access
ISE + EMM Together
Conclusion
Defending Against These Advanced Threats
Requires Greater Visibility and Control Across the Full Attack Continuum
Attack Continuum
• Before: Discover, Enforce, Harden
• During: Detect, Block, Defend
• After: Scope, Contain, Remediate
Coverage: Network, Endpoint, Mobile, Virtual, Cloud, Email & Web
Point in Time | Continuous
Only Cisco Security Can Deliver…
Visibility and Control Across the Full Attack Continuum
• ASA
• VPN
• NGIPS
• Advanced Malware Protection
• NGFW
• Meraki
• ESA/WSA
• Network as Enforcer
• CWS
• ThreatGRID
• Secure Access + Identity Services
• FireSIGHT and pxGrid
http://www.cisco.com/web/partners/specializations/security-arch.html
Need Assistance Getting Cisco Express Security Specialized? http://www.cisco.com/web/partners/specializations/expresssecurity/index.html
• They will navigate with you, through the specialization requirements
• They host/sponsor the required AM & SE specialization classes
• Offering FREE* ASA 5506
• Enable you to complete Security Network Assessments – $1,500 spiff available
Call your Cisco Distributor
Sourcefire Resources
• Advanced Malware Protection
• Cisco AMP Threat Grid - Appliances
• Cisco AMP Threat Grid - Cloud
• Cisco Advanced Malware Protection Virtual Private Cloud Appliance
• Cisco Advanced Malware Protection for Endpoints
• Cisco Advanced Malware Protection for Networks
Partner Resources
• Go to the Cisco Security technology homepage for additional information about Cisco Security solutions and products, including data sheets, at-a-glances, and presentations. Sales and marketing resources for related solutions and products are available below.
• Secure Data Center Solution
• Cisco AnyConnect Secure Mobility Solution
• Cisco Adaptive Security Appliances (ASA)
• Cisco Security Manager
• Identity Services Engine
• Cisco Cloud Web Security
• Cisco Cloud Email Security
• Cisco Email Security Appliance
• Cisco Web Security Appliance
Sales Resources
• Cisco Security Home Page | Security For Partners
• Security Incentives and Promotions - Increase your profitability with security incentives and solution bundle promotions; select “Security” as the category.
• Competitive Information on Security - Discover how Cisco Security solutions and technologies differ from other manufacturers.
• Cisco SecureX Partner Overview Presentation (PPT - 12.6 MB) - Learn more about the Cisco Security portfolio.
• Cisco Installed Base Lifecycle Management (IBLM) - Use installed base data to identify revenue opportunities.
• Cisco TrustSec and Identity Services Engine Sales Tool - Understand how you can create new selling opportunities with Cisco TrustSec; optimized for iPads and other tablets.
• Midsize Solutions Guide for Partners (PDF - 3.2 MB)
Check out these additional ASA resources
At-a-Glance
http://www.cisco.com/c/en/us/support/security/asa-5506-x-firepowerservices/model.html#At-a-Glance
Data Sheet:
http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-nextgeneration-firewalls/datasheet-c78-733916.html
Cisco Talos Security Intelligence & Research:
http://www.cisco.com/c/en/us/products/security/talos.html
Cisco Security Marketing Campaigns:
http://www.cisco.com/web/partners/sell/technology/security_plays.html#~next,
Call to Action
Invite Your Customers to the next CCE Event
Next event – Wednesday Oct 7th @ 1:30 p.m.
Hackers, Botnets and Malware - Oh My! Battle 21st Century Threats with Cisco Next-Gen Security
Registration link | Invitation
• Invite your customers to attend and we will notify you if they do!
• Access registration links, replays at: http://cs.co/cisco101
Join Us Next Week!
Next Quick Hit Briefing
Be a Network Super Hero with Cisco IWAN Solutions
Thursday Oct 1st, 2015 at 9:30 ET
Check http://cs.co/quickhit for registration links and replays
Thank you.