IT-GRC Security Solutions

“Security is
“How do I best complex; so we “We need to meet the “How do I make “We need to be able “How do I reduce cost
protect IT many overlapping the best use of both to determine the and improve the
need a holistic effectiveness of my
Confidentiality, approach to standards suchtoas
“We need security policy and likelihood and impact
security and compliance
Integrity, and deploy
SoX, PCI, SSL VPN”
ISO-27001 technology to of business threats
prioritize activities initiatives?”
Availability?” and investment “ to name a few “ insure security and and prioritize our
compliance” response”

Customer Challenges How do customer operate and implement a IT GRC Program

Businesses today face the challenge of both Define Assess Remediate Maintain
protecting themselves from a myriad of security
Define Common Maintain Controls and
threats and meeting many overlapping compliance Assess Controls for Remediate Control
Control Framework:
obligations, all with limited resources Presence and Gaps:
Framework:
Security threats continue to increase in number and Effectiveness: • Operate and monitor
 Identify compliance  Define and publish technical controls
sophistication obligations  Policy controls policies
Inability to meet compliance requirements can lead  Asset inventory • Maintain
to lawsuits, fines, and other penalties.  Evaluate threats and
 Technical controls  Deploy security subscriptions
vulnerabilities technology
Fragmented teams that operated in individual silos
 Understand business solutions • Periodic assessments
lead to inefficiency, redundancy, gaps, and high cost requirements
Identify and  Train employees •
Threats to availability of business processes  Risk assessment Evolve solutions
Prioritize Gaps as needed
Loss of customer trust and loyalty in the business

Solution and Customer Benefits Cisco Solution Offers Top Questions To Ask To Initiate The Sale

IT GRC addresses IT Security and Compliance IT GRC Security Assessment Service

challenges through ONE comprehensive program.
These programs offer the following benefits:
Reduce cost of compliance
One set of controls and one compliance
program to implement and manage
Maximize reduction in IT security risk with
available resources
Risk-based, business focused decisions and
resource prioritization
IT GRC Delivers Dramatic Business Value
Higher Revenue
Increase in Profits
Decrease in Audit Costs
1. Are you concerned with compliance with
Helps customers get started with IT GRC by
regulations (e.g. SOX, FISMA, HIPAA) and
comprehensively addressing the Define and Assess
industry mandates (e.g. PCI)?
phases
2. Do you have good visibility into the effectiveness
Provides customers with a unique common control
of your security and compliance programs?
framework that meets their needs
3. Do you have concerns about overlaps, gaps, and
Assesses security policy and architecture against
inefficiencies between the efforts of multiple
control requirements
compliance initiatives?
Identifies gaps and provides a prioritized roadmap
4. Are you confident that investments in security
of recommendations for remediating gaps
technology, policy, and process initiatives are
Drives follow-on product and service opportunities
driven and prioritized by a good understanding of
business risk
Remediate and Maintain offers
5. Are you confident that you are maximizing the
Cisco and partners offer a range of security products,
return on investments in security technology,
deployment services, and ongoing subscriptions to
policy, and process initiatives
remediate gaps and maintain security and compliance
 IT-GRC
ASASecurity
BATTLE Solutions
CARD
What does an IT GRC Program look like ?
“We need to Your Competition
upgrade our
firewall” There are two main forms of competition:
Company Vision
External and Strategy Business as usual: Customers continue to try to
Business Drivers Implement
Authority Documents address security and compliance in-house with
marginal success
Large security consulting firms: Some of the
largest consulting firms have opened new IT GRC
Regulations consulting practices in the last two years. The
offers are still immature and few are
comprehensive. Cisco’s differentiator is that we not
Common
Control only have a comprehensive set of consulting
Contractual services, but we have the deep technical credibility

Update

Operate
Requirements Framework
when it comes to assessing, remediating, and
maintaining security infrastructure.

Risk
Industry Assessment
Standards

International
Standards and Monitor
Control Models

Security Compliance
Threats
Asset
Vulnerabilities
Inventory
Business
Value

Additional Resources

IT GRC Web Site

http://www.cisco.com/en/US/products/ps10372/serv_home.html

“We need to be
able to update our
threat management
to deal with
emerging threats”
Global Correlation (GC) for IPS
“We need an IPS
“We need to be “We are looking “I need to stop all
able to target and “We need to be system that
for the most attacks against my
able to protect our identifies and
characterize the “Weagainst
need to” effective method of assets ”
networks prevents attacks
attacker not just deploy SSL VPN” and attackers, and identifying and
respond to the provides global preventing attacks
attack” threat awareness ” and attackers ”

What It Is Customer Benefits Top Questions To Ask To Initiate The Sale

IPS with Global Correlation is a security
capability deployed with Cisco IPS Sensor
Software Release 7.0. Global Correlation
harnesses the power of Cisco Security
Intelligence Operations, the world’s largest
threat monitoring network, to achieve
unprecedented threat management efficacy.
Global threat information is turned into
actionable intelligence, such as reputation
scores, and pushed out to all enabled
technologies.
Value Proposition Key Points
Global Correlation makes Cisco IPS 7.0 twice
as effective as signature-only IPS technologies.
Reduces network down time and prevents DoS
attacks. GC IPS is able to identify and prevent
attacks and attackers, and provide (and receive)
global awareness.
Reduces operational costs associated with
having to manage, update, and propagate
updated signatures
Increase worker (IT-Security) efficiency by
focusing key business functions and actionable
events.
Where It Fits
SensorBase
1. “How are you currently identifying and
preventing attacks and attackers ?”
2. “How confident are you in knowing that
your IPS is blocking and permitting
traffic based on real attacks?”
3. “Does your current signature based IPS
solution only detect attacks that are
already under way, and only have local
threat awareness?”
4. “Are you aware that 50% of attacks are
from repeat offenders? (every attack a
bad guy attempts counts against him in
GC IPS’ risk rating system)”

Global Correlation provides Cisco IPS with Cisco Threat

Operations Center
PROTECT
IPS 7.0 protects your network with updates every five
updates on new threats 100 times faster than minutes providing your reputation filter with information
Global Global
signature updates. Threat Threat based on global data analysis.
Telemetry Telemetry
CORRELATE
Global Correlation decreases false positives Dynamic Updates and SensorBase updates the IPS with data correlated from
Actionable Intelligence over 500 3rd party feeds and over 700,000 sensors
with reputation analysis
across multiple technology types.

Global Correlation leverages the global threat w ww RESPOND

The GC IPS can respond to threats before they occur
visibility of Cisco SIO Intrusion Email Web System
Prevention Security Security Administrators using a reputation filters to remove the worst offenders.
Solution Appliances Appliances
 Global Correlation (GC) for IPS
Top Customer Objections
•Broad Network Coverage
•Edge : Distribution : Core : Internal
“We needI’m
Objection: to concerned Global •Teleworker : Branch : Campus :
upgrade our
Objection: How do I know this
Data Center
Correlation will block my incoming
firewall” won’t compromise my current IPS
traffic. security? •Diverse Platform Options
•Enabling broad deployment
flexibility, easily integrated into
Answer: Global correlation can be Answer: Again, there are multiple network management and
implemented in Audit mode ways of integrating Global deployment models
allowing you to view what traffic Correlation into your Risk Rating. •Unified Management and
global Correlation would have The first is passive, your IPS will be Operations
stopped. Once you are comfortable receiving updates from SensorBase •Single update package
•Consistent management
with what the Reputation Filter and but doesn’t act on them. It will only
Global Inspection would have log the threats it would have •Enterprise-class solutions
caught you can begin to use Global stopped. As you become more •Sub-200 micro-second latency
Correlation. for ensuring quality of low-
comfortable with it you can begin to latency applications
add Reputation Filtering and Global •Highly reliable via hardware
Objection: Will my network remain Inspection to your Risk Rating and software failover
safe if I share it with Cisco? mixture
Answer: Yes, all data sent to
SenserBase is anynomous and there
are actually three methods of
participation in Global Correlation
Appliances Cisco Router Module
Clean
that can be applied to your IPS. The Switch Module
Access (CCA)
first is non-participation: Your IPS
will be receiving updates from
SensorBase but will not send any
information back. Partial
Participation allows you to send
information regarding the attack and
attacker. Full participation takes this
a step further where you would
anonymously supply the victim port
and IP.

http://www.cisco.com/en/US/products/sw/secursw/ps2113/index.html
 ASA BATTLE CARD
“My “The useful life of
“We need to be able “We need to be our investment in “Support for multiple
administrators are
to protect against able to protect our “We
“Weneed
needtoto having a hard time security vendor solution
deploy creates problems
deploy SSLVPN”
SSL
threats, known and unified technologies
unknown (i.e. like communication VPN” managing all our
continues to shrink” and is expensive”
security devices”
filtering botnet services.”
traffic)”

What It Is Customer Benefits Top Questions To Ask To Initiate The Sale

Prevent network outages with “Improve Threat
ASA is a multi-purpose appliance that allows Mitigation”. Leverage Cisco’s Security Intelligence
customers to deploy security services as needed to Operations ability to centralizing information and threat
signatures issued from all security technologies of the
meeting business requirements. Services delivered
Cisco portfolio
through the ASA platform include:
Lower TCO and seamless integrate all types of VPN
 Firewall devices with a “Comprehensive Connectivity” solution.
Cisco Secure remote access solution is recognized as the
 IPS world’s widest-deployed solution, offering the richest
range of connectivity in a single, versatile appliance
 Content Security
“Deployment Flexibility” reduce OPEX and
troubleshooting man-hours. Secure Remote Access
 SSL/ IPsecec VPN
solution allows for all elements of the company’s InfoSec
policy to be deployed and manage in a centralized place.
 Unified Communications Security
Adhere to PCI “compliancy” at branch location
Value Proposition Key Points
Where It Fits
Provides Botnet Traffic Filter, with the integration of the
Cisco Security Intelligence Operations to protect the internal
network from Malware threats and prevents other malicious Mgmt-
activity due to infect client machines. NOC
Extranet
 ASA 5505 with IPS Security Service Card (SSC) Module
for SMB market to meet PCI compliancy. Partner
core WAN
Cisco 5580 can scale to support 10k Unified
Communications Proxy (phone, mobility, presence Campus
Internet Branch
federation, and TLS support) sessions Edge
Data
Broadest range of security options for secure remote access
Center
E-
 Affordable, flexible solution for short-term bursts of VPN Commerce
users
 Firewall and enforce policies for internal and external
NAT’ed multicast traffic
1. Do you have the means to react and update your email
filters, web filters and reputation, IPS/ filtering as well
as share statistics globally amongst other Cisco devices.
2. Are you able to scale and protect your network against
threats to your unified communications applications.
3. Are you able to detect, isolate, and manage Botnet
attacks?
4. Are you able to automatically update your anti-malware
database?
5. Are you able to detect end-users accessing rogue IP
addresses or domains that could effect your internal
network?
6. Are you interesting in consolidating security services
into a single platform?
7. Are you currently looking to deploy SSLVPN, IPsecEC
VPN or both in your organization?
8. Do you need to reduce your total cost of ownership at
your branch locations while still providing secure
access, firewall, and content filtering (and adhere to
PCI)?
9. Does your solution securely and cost effectively1 allow
for burst of traffic during pandemic situations?
10. Do you have applications which need to be remotely
accessed by mobile users?
11. Are you looking for ways to reduce cost and complexity
with your network security?
12. Have you experienced business disruption due to a
worm or virus?
13. Are you looking to upgrade your existing security
system or add additional security services to your
network such as firewall and/or intrusion prevention?
PROTECT
The ASA 5500 helps protect corporate assets by preventing
malicious software downloads and unauthorized access.
DETECT
The ASA helps detect vulnerabilities by scanning email &
messaging for virus.
 ASA BATTLE CARD
Top Customer Objections Total Cost of Ownership Your Competition
Objection: We currently have an ASA deployed but
would “We
like toneed
test thetoBotnet Traffic Filter. Firewall Technology IPS Technology VPN Technology Checkpoint:
upgrade our Cisco PIX Cisco IPS Cisco VPN 3000 Attack Your Response
Answer:firewall”
Customers with existing ASAs can order the
licenses. All Cisco ASAs will ship with 1-year free Integrated Cisco offers centralized
trial. Management. security management across
Cisco management routers, appliances and
Objection: We already have a firewall. solutions endpoints. For logging and
NEW!! Includes are complex and data analysis, we offer our
Answer: The ASA is a security platform and can be Botnet Traffic Filter – not MARS product. The last 3
used as a firewall as well as an IPS, VPN Concentrator Free 30-Day integrated into a products that CheckPoint
or network Anti-X solution. single introduced: InterSpect,
Introductory License
solution Connectra, Integrity have only
Objection: I don’t want to pay for all of those
capabilities if I’m not using them. limited support within
SmartCenter such as logging
Answer: ASA is modular – all those capabilities are Cisco ASA and updates.
there in a single device, but you only pay for those
functions you need. Disparate Devices List (CapEx) Adaptive Security Appliance List (CapEx) Cisco is a router Being a router/switch plus
SMB Head-end Firewall $4,500.00 ASA 5520 w/FW, IPS & VPN $12,495.00 company, security vendor is
SMB Head-end IPS Appliance $8,000.00 DISCOUNT 30%
Objection: I don’t feel comfortable allowing one Head-end VPN Concentrator $10,000.00 TOTALS $8,746.50
not a security advantageous. You can offer
company to provide this much of my security solution. SUB-TOTALS $22,500.00 One device to manage with one console, one company. CP end to end security solution for
DISCOUNT 30% Technical Assistance Center (TAC) to work with. only thinks about the whole enterprise. NAC on
Answer: Cisco has dedicated teams of experts TOTALS $15,750.00 Significantly reduce OpEx. security switches/routers, CSA on
developing each security solution (IPS, Firewall, VPN, and nothing else. desktop, built-in FW/IDS with
etc). IOS, dynamic ARP inspection
and IP source guard for voice
Objection: During pandemic situations we need to be
security, end to end voice
able to support large burst of traffic with our existing Success Story Proof Points encryption.
ASAs.
Juniper:
Answer: The Cisco VPN Flex licenses are designed to
“The Cisco ASA 5500 Series IPS Edition allows us to not only fulfill a Sales Tactics: Positions SSL VPN to the Sec Ops Decision
allow for an increase (traffic burst) in the total number
of SSL VPN concurrent users on an ASA for a short regulatory requirement, but also, more importantly, to do the right thing Makers to gain strategic entry points, especially in Financial
period of time. and make sure we are being as proactive as possible with our network industry.
security.”
-- Benjamin Craig, Vice President of Information Systems for River Attacks: IOS is unstable, Cisco’s service module strategy
What Is The Closest Link? adds complexity & cost
City Bank
ASA Security Response: Lead with our Security position in the market
Service (#1), educate customer on IOS strength in the SDN story,
Modules highlight TCO and investment protection for customer
related to the service module approach.
Additional Resources

Service Modules plug in to allow

ASA Web Site: http//www.cisco.com/go/asa
customer to turn on security services
as needed.