70 likes | 245 Views
Assess. Maintain. Define. Remediate. Maintain Controls and Framework: Operate and monitor technical controls Maintain subscriptions Periodic assessments Evolve solutions as needed. Define Common Control Framework: Identify compliance obligations Asset inventory
E N D
Assess Maintain Define Remediate • Maintain Controls and Framework: • Operate and monitor technical controls • Maintain subscriptions • Periodic assessments • Evolve solutions as needed • Define Common • Control • Framework: • Identify compliance obligations • Asset inventory • Evaluate threats and vulnerabilities • Understand business requirements • Risk assessment • Assess Controls for Presence and Effectiveness: • Policy controls • Technical controls • Remediate Control Gaps: • Define and publish policies • Deploy security technology solutions • Train employees Identify and Prioritize Gaps IT-GRC Security Solutions “Security is complex; so we need a holistic approach to prioritize activities and investment “ “How do I best protect IT Confidentiality, Integrity, and Availability?” “We need to meet the many overlapping standards such as SoX, PCI, ISO-27001 to name a few “ “How do I make the best use of both security policy and technology to insure security and compliance” “We need to be able to determine the likelihood and impact of business threats and prioritize our response” “How do I reduce cost and improve the effectiveness of my security and compliance initiatives?” “We need to deploy SSL VPN” Customer Challenges How do customer operate and implement a IT GRC Program Businesses today face the challenge of both protecting themselves from a myriad of security threats and meeting many overlapping compliance obligations, all with limited resources • Security threats continue to increase in number and sophistication • Inability to meet compliance requirements can lead to lawsuits, fines, and other penalties. • Fragmented teams that operated in individual silos lead to inefficiency, redundancy, gaps, and high cost • Threats to availability of business processes • Loss of customer trust and loyalty in the business Solution and Customer Benefits Cisco Solution Offers Top Questions To Ask To Initiate The Sale IT GRC addresses IT Security and Compliance challenges through ONE comprehensive program. These programs offer the following benefits: • Reduce cost of compliance • One set of controls and one compliance program to implement and manage • Maximize reduction in IT security risk with available resources • Risk-based, business focused decisions and resource prioritization • IT GRC Delivers Dramatic Business Value • Higher Revenue • Increase in Profits • Decrease in Audit Costs IT GRC Security Assessment Service • Helps customers get started with IT GRC by comprehensively addressing the Define and Assess phases • Provides customers with a unique common control framework that meets their needs • Assesses security policy and architecture against control requirements • Identifies gaps and provides a prioritized roadmap of recommendations for remediating gaps • Drives follow-on product and service opportunities Remediate and Maintain offers Cisco and partners offer a range of security products, deployment services, and ongoing subscriptions to remediate gaps and maintain security and compliance • Are you concerned with compliance with regulations (e.g. SOX, FISMA, HIPAA) and industry mandates (e.g. PCI)? • Do you have good visibility into the effectiveness of your security and compliance programs? • Do you have concerns about overlaps, gaps, and inefficiencies between the efforts of multiple compliance initiatives? • Are you confident that investments in security technology, policy, and process initiatives are driven and prioritized by a good understanding of business risk • Are you confident that you are maximizing the return on investments in security technology, policy, and process initiatives
ASA BATTLE CARD “We need to upgrade our firewall” Company Vision and Strategy Business Drivers External Authority Documents Regulations Contractual Requirements Risk Assessment Industry Standards International Standards and Control Models Security Compliance Threats Vulnerabilities Business Value IT-GRC Security Solutions What does an IT GRC Program look like ? Your Competition There are two main forms of competition: Business as usual: Customers continue to try to address security and compliance in-house with marginal success Large security consulting firms: Some of the largest consulting firms have opened new IT GRC consulting practices in the last two years. The offers are still immature and few are comprehensive. Cisco’s differentiator is that we not only have a comprehensive set of consulting services, but we have the deep technical credibility when it comes to assessing, remediating, and maintaining security infrastructure. Implement CommonControlFramework Update Operate Monitor Additional Resources Asset Inventory IT GRC Web Site http://www.cisco.com/en/US/products/ps10372/serv_home.html
SensorBase Cisco Threat Operations Center Global Threat Telemetry Global Threat Telemetry Dynamic Updates and Actionable Intelligence Intrusion Prevention Solution Email Security Appliances Web Security Appliances System Administrators Global Correlation (GC) for IPS “We need an IPS system that identifies and prevents attacks and attackers, and provides global threat awareness” “We need to be able to update our threat management to deal with emerging threats” “We need to be able to target and characterize the attacker not just respond to the attack” “We are looking for the most effective method of identifying and preventing attacks and attackers ” “I need to stop all attacks against my assets ” “We need to be able to protect our networks against ” “We need to deploy SSL VPN” What It Is Customer Benefits Top Questions To Ask To Initiate The Sale • Reduces network down time and prevents DoS attacks. GC IPS is able to identify and prevent attacks and attackers, and provide (and receive) global awareness. • Reduces operational costs associated with having to manage, update, and propagate updated signatures • Increase worker (IT-Security) efficiency by focusing key business functions and actionable events. IPS with Global Correlation is a security capability deployed with Cisco IPS Sensor Software Release 7.0. Global Correlation harnesses the power of Cisco Security Intelligence Operations, the world’s largest threat monitoring network, to achieve unprecedented threat management efficacy. Global threat information is turned into actionable intelligence, such as reputation scores, and pushed out to all enabled technologies. • “How are you currently identifying and preventing attacks and attackers ?” • “How confident are you in knowing that your IPS is blocking and permitting traffic based on real attacks?” • “Does your current signature based IPS solution only detect attacks that are already under way, and only have local threat awareness?” • “Are you aware that 50% of attacks are from repeat offenders? (every attack a bad guy attempts counts against him in GC IPS’ risk rating system)” Value Proposition Key Points Where It Fits • Global Correlation makes Cisco IPS 7.0 twice as effective as signature-only IPS technologies. • Global Correlation provides Cisco IPS with updates on new threats 100 times faster than signature updates. • Global Correlation decreases false positives with reputation analysis • Global Correlation leverages the global threat visibility of Cisco SIO PROTECTIPS 7.0 protects your network with updates every five minutes providing your reputation filter with information based on global data analysis. CORRELATE SensorBase updates the IPS with data correlated from over 500 3rd party feeds and over 700,000 sensors across multiple technology types. RESPOND The GC IPS can respond to threats before they occur using a reputation filters to remove the worst offenders.
Global Correlation (GC) for IPS Top Customer Objections • Broad Network Coverage • Edge : Distribution : Core : Internal • Teleworker : Branch : Campus : Data Center • Diverse Platform Options • Enabling broad deployment flexibility, easily integrated into network management and deployment models • Unified Management and Operations • Single update package • Consistent management • Enterprise-class solutions • Sub-200 micro-second latency for ensuring quality of low-latency applications • Highly reliable via hardware and software failover Objection:I’m concerned Global Correlation will block my incoming traffic. Answer: Global correlation can be implemented in Audit mode allowing you to view what traffic global Correlation would have stopped. Once you are comfortable with what the Reputation Filter and Global Inspection would have caught you can begin to use Global Correlation. Objection: Will my network remain safe if I share it with Cisco?Answer: Yes, all data sent to SenserBase is anynomous and there are actually three methods of participation in Global Correlation that can be applied to your IPS. The first is non-participation: Your IPS will be receiving updates from SensorBase but will not send any information back. Partial Participation allows you to send information regarding the attack and attacker. Full participation takes this a step further where you would anonymously supply the victim port and IP. “We need to upgrade our firewall” Objection: How do I know this won’t compromise my current IPS security? Answer: Again, there are multiple ways of integrating Global Correlation into your Risk Rating. The first is passive, your IPS will be receiving updates from SensorBase but doesn’t act on them. It will only log the threats it would have stopped. As you become more comfortable with it you can begin to add Reputation Filtering and Global Inspection to your Risk Rating mixture Cisco Clean Access (CCA) Router Module Appliances Switch Module http://www.cisco.com/en/US/products/sw/secursw/ps2113/index.html
Extranet Mgmt- NOC WAN core Partner Campus Internet Edge E- Commerce Branch Data Center ASA BATTLE CARD “Support for multiple vendor solution creates problems and is expensive” “My administrators are having a hard time managing all our security devices” “The useful life of our investment in security technologies continues to shrink” “We need to be able to protect our unified communication services.” “We need to be able to protect against threats, known and unknown (i.e. like filtering botnet traffic)” “We need to deploy SSL VPN” “We need to deploy SSL VPN” What It Is Customer Benefits Top Questions To Ask To Initiate The Sale • Prevent network outages with “Improve Threat Mitigation”. Leverage Cisco’s Security Intelligence Operations ability to centralizing information and threat signatures issued from all security technologies of the Cisco portfolio • Lower TCO and seamless integrate all types of VPN devices with a “Comprehensive Connectivity” solution. Cisco Secure remote access solution is recognized as the world’s widest-deployed solution, offering the richest range of connectivity in a single, versatile appliance • “Deployment Flexibility” reduce OPEX and troubleshooting man-hours. Secure Remote Access solution allows for all elements of the company’s InfoSec policy to be deployed and manage in a centralized place. • Adhere to PCI “compliancy” at branch location • Do you have the means to react and update your email filters, web filters and reputation, IPS/ filtering as well as share statistics globally amongst other Cisco devices. • Are you able to scale and protect your network against threats to your unified communications applications. • Are you able to detect, isolate, and manage Botnet attacks? • Are you able to automatically update your anti-malware database? • Are you able to detect end-users accessing rogue IP addresses or domains that could effect your internal network? • Are you interesting in consolidating security services into a single platform? • Are you currently looking to deploy SSLVPN, IPsecEC VPN or both in your organization? • Do you need to reduce your total cost of ownership at your branch locations while still providing secure access, firewall, and content filtering (and adhere to PCI)? • Does your solution securely and cost effectively1 allow for burst of traffic during pandemic situations? • Do you have applications which need to be remotely accessed by mobile users? • Are you looking for ways to reduce cost and complexity with your network security? • Have you experienced business disruption due to a worm or virus? • Are you looking to upgrade your existing security system or add additional security services to your network such as firewall and/or intrusion prevention? • ASA is a multi-purpose appliance that allows customers to deploy security services as needed to meeting business requirements. Services delivered through the ASA platform include: • Firewall • IPS • Content Security • SSL/ IPsecec VPN • Unified Communications Security Value Proposition Key Points Where It Fits • Provides Botnet Traffic Filter, with the integration of the Cisco Security Intelligence Operations to protect the internal network from Malware threats and prevents other malicious activity due to infect client machines. • ASA 5505 with IPS Security Service Card (SSC) Module for SMB market to meet PCI compliancy. • Cisco 5580 can scale to support 10k Unified Communications Proxy (phone, mobility, presence federation, and TLS support) sessions • Broadest range of security options for secure remote access • Affordable, flexible solution for short-term bursts of VPN users • Firewall and enforce policies for internal and external NAT’ed multicast traffic PROTECTThe ASA 5500 helps protect corporate assets by preventing malicious software downloads and unauthorized access. DETECT The ASA helps detect vulnerabilities by scanning email & messaging for virus.
ASA BATTLE CARD Cisco ASA Cisco ASA Cisco ASA Cisco ASA Disparate Devices Disparate Devices List (CapEx) List (CapEx) Adaptive Security Appliance Adaptive Security Appliance List (CapEx) List (CapEx) SMB Head-end Firewall SMB Head-end Firewall $4,500.00 $4,500.00 ASA 5520 w/FW, IPS & VPN ASA 5520 w/FW, IPS & VPN $12,495.00 $12,495.00 30% 30% SMB Head-end IPS Appliance SMB Head-end IPS Appliance $8,000.00 $8,000.00 DISCOUNT DISCOUNT TOTALS TOTALS $8,746.50 $8,746.50 Head-end VPN Concentrator Head-end VPN Concentrator $10,000.00 $10,000.00 SUB-TOTALS SUB-TOTALS $22,500.00 $22,500.00 One device to manage with one console, one One device to manage with one console, one 30% 30% DISCOUNT DISCOUNT Technical Assistance Center (TAC) to work with. Technical Assistance Center (TAC) to work with. TOTALS TOTALS $15,750.00 $15,750.00 Significantly reduce OpEx. Significantly reduce OpEx. ASA BATTLE CARD Top Customer Objections Total Cost of Ownership Your Competition Objection: We currently have an ASA deployed but would like to test the Botnet Traffic Filter. Answer: Customers with existing ASAs can order the licenses. All Cisco ASAs will ship with 1-year free trial. Objection: We already have a firewall. Answer: The ASA is a security platform and can be used as a firewall as well as an IPS, VPN Concentrator or network Anti-X solution. Objection: I don’t want to pay for all of those capabilities if I’m not using them. Answer: ASA is modular – all those capabilities are there in a single device, but you only pay for those functions you need. Objection: I don’t feel comfortable allowing one company to provide this much of my security solution. Answer: Cisco has dedicated teams of experts developing each security solution (IPS, Firewall, VPN, etc). Objection: During pandemic situations we need to be able to support large burst of traffic with our existing ASAs. Answer: The Cisco VPN Flex licenses are designed to allow for an increase (traffic burst) in the total number of SSL VPN concurrent users on an ASA for a short period of time. Checkpoint: Attack Your Response “We need to upgrade our firewall” Firewall Technology IPS Technology VPN Technology Cisco PIX Cisco IPS Cisco VPN 3000 NEW!! Includes Botnet Traffic Filter – Free 30-Day Introductory License Success Story Proof Points Juniper: Sales Tactics: Positions SSL VPN to the Sec Ops Decision Makers to gain strategic entry points, especially in Financial industry. Attacks: IOS is unstable, Cisco’s service module strategy adds complexity & cost Response: Lead with our Security position in the market (#1), educate customer on IOS strength in the SDN story, highlight TCO and investment protection for customer related to the service module approach. “The Cisco ASA 5500 Series IPS Edition allows us to not only fulfill a regulatory requirement, but also, more importantly, to do the right thing and make sure we are being as proactive as possible with our network security.” -- Benjamin Craig, Vice President of Information Systems for River City Bank What Is The Closest Link? ASA Security Service Modules Additional Resources Service Modules plug in to allow customer to turn on security services as needed. ASA Web Site: http//www.cisco.com/go/asa