330 likes | 658 Views
ASA CX. Agenda. How To Sell ASA CX How To Compete Product Roadmap Demo. Session Objectives. Session Objectives. At the end of the session, the participants should be able to: Understand and execute on the go-to-market strategy Identify ASA CX updates in the last 6 months
E N D
Agenda • How To Sell ASA CX • How To Compete • Product Roadmap • Demo
Session Objectives At the end of the session, the participants should be able to: • Understand and execute on the go-to-market strategy • Identify ASA CX updates in the last 6 months • Understand high-level roadmap for the next 12 months • Demonstrate key use cases to customers
Reasons Why NGFW’s Sell ASA CX Focus Today
The ASA CX Solution ASA CX “solution” CX capabilities Apps, Users URL Filtering Web Reputation (SIO) Industry’s most widely deployed stateful inspection FW & remote access solution
Model Hardware Comparison ASA CX
High Availability Hardware Software • Redundant hot-swappable power supplies and hard disks • OIR capable SFP/SFP+ modules • Software Failover • CX fail-open and fail-close support
Cisco Prime Security Manager Simple Standards-based Efficient Cisco ASA CX Context-Aware Threat Aware Classic ASA Firewall
Web Reputation Case Study • Web Reputation protects Cisco’s 100K users from web-based threats • 300 transactions blocked every minute by reputation • Supports Cisco IT’s BYOD strategy: protects all devices irrespective of OS, browser used, or what client anti-virus software is installed • Enabled Cisco IT to reduce malware case load by 43% Cisco-on-Cisco case study on Web Reputation (WSA): http://www.cisco.com/web/about/ciscoitatwork/borderless_networks/ironport_web_security_appliance.html
Establish Credibility In Primary Features Apps, Micro-apps and App Behavior Broad… … classification of all traffic 1,000+ apps MicroAppEngine Deep classification of targeted traffic 75,000+ MicroApps App Behavior Control user interaction with the application
Why Cisco Significant Investment and Expertise in AVC Proven, Cisco-owned Solution Updates Released Every Month • 2 years, 2,500 customers • 2 Bntransaction hits every week • For the last 2 years • Same infrastructure and frequency with ASA CX • Focused on customer use cases
Business-Relevant Application Controls Cisco’s app support focuses on customer use cases References: PAN: http://apps.paloaltonetworks.com/applipedia Cisco (Web apps only yet, will be expanded to list all apps): https://securityhub.cisco.com/web/application_visibility_control
Establish Credibility In Primary Features (Cont’d) Users: Covers Wide Breadth of Identity Use Cases Fidelity • AD/LDAP Identity • Non-auth-aware apps • Any platform • AD/LDAP credential • NTLM • Kerberos • TRUSTSEC* Network Identity Secure Group Tags • IP Surrogate • AD Agent • User Authentication • Auth-Aware Apps • Mac, Windows, Linux • AD/LDAP user credential Breadth * ASA 9.0
Establish Credibility In Primary Features (Cont’d) URL: Industry-leading coverage and efficacy 60 languages countries mn URLs customers 200 20 9000 Legal Marketing Finance
SensorBase Threat Operations Center Dynamic Updates
30B 100M 35% 750,000+ 4 TB GLOBALLY DEPLOYED DEVICES DATA RECEIVED PER DAY WEB REQUESTS EMAIL MESSAGES WORLDWIDE TRAFFIC SensorBase Threat Operations Center Dynamic Updates
24x7x365 $100M 40+ 80+ 500 SPENT IN DYNAMIC RESEARCH AND DEVELOPMENT OPERATIONS LANGUAGES Ph.D.s, CCIE, CISSPs, MSCEs ENGINEERS, TECHNICIANS AND RESEARCHERS SensorBase Threat Operations Center Dynamic Updates
6,500+ 3 to 5 20+ 200+ 8M+ IPS SIGNATURES PRODUCED MINUTE UPDATES PUBLICATIONS PRODUCED PARAMETERS TRACKED RULES per DAY SensorBase Threat Operations Center Dynamic Updates
Differentiator: SIO Cisco SIO www.facebook.com GO
SIO: Elements Of Cisco Differentiation Checkpoint and Fortinet don’t have an equivalent offering. Compare this against PAN’s WildFire. Breadth Of Data SIO: One-third of world’s internet traffic goes through SIO WildFire: No statistics available on data collected Proven Track Record SIO: Has been protecting customers for 7+ years WildFire: New, unproven solution launched in late 2011 Proactive SIO: Based on context, provides proactive protection WildFire: Based on file content, reactive, and poor uptake because customers hesitant to upload files to PAN’s cloud
Differentiator: BYOD Cisco has the best remote access & BYOD solutions of all NGFW vendors AnyConnect deployed on 150 mn+ endpoints Unified security client: RA, Posture, NAM, Web Security Identity Services Engine: Enabling BYOD Example use case 1: Block high-bandwidth consuming applications for users connecting through VPN Example use case 2: Provide differentiated access based on device type
Differentiator: User Device Information Policy Report CX Today AnyConnect provides device type information Future plan ISE provides device type information
Differentiator: TrustSec & Security Group Tags John Doe authenticates from a corporate asset. Because desktop AV is not up-to-date, it is assigned SGT = Quarantine, with limited network access until he remediates. Jane Doe authenticates from an iPad ornon corporate asset. She is assigned SGT =BYOD, and is allowed RDP access to Finance apps.