Cisco TrustSec How to Sell

February 2010

Announcing

Cisco TrustSec
An industry-leading solution enforcing access and policy in the secure borderless network

TrustSec now includes:

Catalyst Switches: Identity based networking services (802.1X based technologies)

Security Group Tagging (SGT)

Cisco Secure Access Control System (ACS) Cisco Network Admission Control (NAC)

C97-576464-00

2010 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

Market Opportunity
A recent Gartner survey indicates that 50% of enterprises plan to implement 802.1X in their wired networks by 2011.

* Source: Gartner, July 2008

Presentation_ID

2009 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

What Does TrustSec Do?

1
Identifies Authorized Users Increases Network Visibility

Who are you?

An 802.1x or a Network Admission Control (NAC) appliance authenticates the user.

What are you doing?

The users identity, location, and access history are used for compliance & reporting.

Personalizes The Network

What service level do you receive?

The user is assigned services based on role and policy ( job, location, device, etc.).

Enforces Access Policy

2010 Cisco Systems, Inc. All rights reserved.

Where can you go?

Based on authentication data, the user is placed in the correct VLAN.
Cisco Confidential

C97-576464-00

Why Customers Care:

Addressing top business initiatives with TrustSec
Enables Secure Collaboration Dynamically authenticate and assign access based on user role, device, and location Strengthens Security Enforce consistent security policy and ensure endpoint health Supports Compliance Provide real-time access visibility and audit trails for monitoring and reporting

C97-576464-00

2010 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

How TrustSec Works:

Controlling Network Access
Identity Information Other Conditions Authorization
(Controlling Access)

Group:

Time and Date

Broad Access Limited Access

Full-Time Employee

Group:

Contractor

+
Posture Location Access Type

Guest/Internet Quarantine Deny Access

Group:

Guest Track for Accounting

C97-576464-00

2010 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

TrustSec Core Technical Components

SWITCH IDENTITY DEPLOYMENT FEATURES

NEW

Cisco Catalyst and Nexus 7000 switches

SWITCH INTEGRATION: NAC PROFILER & GUEST

Infrastructure Components

ACS 5.1
ACS 5.1 NAC Manager NAC Server

NAC Profiler
Profiles unmanaged devices and applies policy based on device type

NAC Guest
Full-featured guest provisioning server

Policy/Security Components

Access Policy System for 802.1X termination and identity-based access control

Centralized management, Posture, services, configuration, reporting, and enforcement and policy store

Endpoint Components

802.1X Supplicant
802.1X supplicant via CSSC or native supplicant

NAC Agent
No-cost client for device-based scans

C97-576464-00

2010 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

VLAN is good, but let's also add "restricted access using dynamic ACL" (VLAN doesn't work for all customers)

TrustSec Capabilities
in the Secure Borderless Network Enhanced Switch Features
More authentication options: FlexAuth, WebAuth Additional deployment capabilities: Open Mode, IP Telephony

Cisco ACS 5.1:

Improve operations with monitoring and troubleshooting

Cisco Guest and Profiler: Lower the cost of managing identity and policy
in both a .1X and appliance environment

Security Group Tagging (SGT) on the Nexus 7000

Enforces role-based access control to servers within a security group
Provides flexibility by not being dependent on the network topology

MACsec:
C97-576464-00

Addresses compliance by providing an encrypted link from the Catalyst 3750-X, 3560-X, and Nexus 7000 to the endpoint
2010 Cisco Systems, Inc. All rights reserved. Cisco Confidential

TrustSec: Two Options for Flexible Access Control

Qualifying Questions
802.1x or industry standard mandate over next 1-2 years? Customer want to leverage switch infrastructure for enhanced capacity & overall capability? Immediate need for posture assessment? Largely non-Cisco access infrastructure?

Portfolio
ACS & SWITCHES ACS & SWITCHES

1
ACS & SWITCHES
(INFRASTRUCTURE) Upgrade legacy switches Sell/Upgrade ACS Sell CSSC

2
NAC
(APPLIANCE) Sell NAC Server

NAC NAC

Sell NAC Manager

Upsell NAC Profiler Upsell NAC Guest

Note Guest Server and Profiler can be deployed with both NAC and ACS

Upsell NAC Profiler

Upsell NAC Guest

C97-576464-00

2010 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

TrustSec Sales Opportunities

Create migration opportunities from legacy switches Include security technology Add high-margin professional services

C97-576464-00

2010 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

10

Migration Opportunity: Total Market

2K 3K 4K 6K

C97-576464-00

2010 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

11

Catalyst Migration Opportunity: Optimal Path

Legacy Catalyst 2940, 2950 Catalyst 2970 Catalyst 3550 Catalyst 400x & 4500 non-E Series (SUP1, SUPII , SUPII+TS , SUPII+ , SUPII+10G, SUPIII, SUP-IV , SUPV ) Catalyst 6K Sup 1, Sup 2 Migration Plan 2960, 2960-S 2960, 2960-S, IE 3100 3560, 3750, 3560E, 3750E, 3560X, 3750X 4500 E Series (with Sup6-E, Sup6L-E, 4500 with SupV-10GE) Sup 32 or Sup 720

C97-576464-00

2010 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

12

Sales Opportunity: Attach Security

Discuss enhanced capabilities of ACS 5.1 to drive migration NEW! (30,000 + customers). Demonstrate the best-in-class guest access management of NAC Guest Server.

Position the ease of deployment with NAC Profiler.

All technologies provided by the proven leader in Network Admission Control Cisco

C97-576464-00

2010 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

13

Sales Opportunity: Offer High-Margin Professional Services

Business processes

Network discovery
Migration services Implementation services

Leveraging Cisco or partner services

C97-576464-00

2010 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

14

Sales Tactics
Low-hanging fruit
Enterprise (500+ users)
Security-conscious Regulatory compliance Internal mandates for 802.1X

Key decision influencers

Network decision-maker Security decision-maker Compliance officer IT director

C97-576464-00

2010 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

15

Sales Process

Presentation and demo

Assessment

Proof of Concept

Deployment

Tools Available:
Sales and technical presentations Infrastructure assessment guidelines Configuration guides for POCs Design and deployment guides

C97-576464-00

2010 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

16

Sales Differentiators: Defend Against Competitors!

Market-leading solution
Ease of deployment: low and no-impact
deployment options)

Flexible: Three ways to authenticate using

a single configuration)

Efficient, consistent, and scalable:

Leverage your infrastructure and use a common policy)

Ease of ongoing management:

Security Group Tagging (SGT) enables scalable network access control through simplified network design

Complete, single vendor solution

C97-576464-00 2010 Cisco Systems, Inc. All rights reserved. Cisco Confidential

17

Switch Technical Differentiators

Flexible Authentication Sequencing Rolling authentication with a flexible sequence (.1x, MAB, and web authentication) Most flexible authentication in the market: automates the port configuration to accommodate all endpoint devices necessary to support the most enterprise use cases

Monitor Mode

Gathers information Critical to deploying network-based about device/user identity without locking out users or access without adverse devices impact

Unified Guest Access

Unified guest access with local web authentication on the switch

Same infrastructure for wired and wireless guest access same premiere user experience

C97-576464-00

2010 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

18

TrustSec: Examples of Sales Opportunities

Large enterprise network Mid-sized network

Switch Migration:
50 Catalyst 6500 Series 50 Catalyst 3750 Series 2000 Catalyst 2960 Series

Switch Migration:
15 Catalyst 6500 Series 50 Catalyst 3750 Series 125 Catalyst 4500E Series

Attached Security:
14 Access Control Systems 3 Profilers (each up to 40,000 MAC addresses) 3 Guest Servers
C97-576464-00

Attached Security:
5 Access Control Systems 1 Profiler

$24M*
2010 Cisco Systems, Inc. All rights reserved. Cisco Confidential

1 Guest Server
* Based on list prices

$7M*
19

Case Study
University of Montreal
Background
One of the top 100 universities in the world, with 55,000 students and an annual research budget of CAD$450 million

Business Challenges
Support collaboration between research groups Differentiated access for students, researchers and faculties

Cisco Solution Benefits

Tailored network services with identitybased access Scalable network environment Improves OPEX with network moves, adds and changes
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps7 08/case_study_c36-566762.html
C97-576464-00 2010 Cisco Systems, Inc. All rights reserved. Cisco Confidential

Our new network is more secure, and we can do a better job by giving more specialized service to people.
Michel L'Heureux Director of Telecommunications Universit de Montral

20

Next Steps
Resources
TrustSec Business Presentation NEW! TrustSec Technical Presentation NEW! TrustSec At-A-Glance NEW! TrustSec Quick Reference Card NEW!

Web Sites
Cisco Secure Borderless Networks, Cisco TrustSec, Cisco AnyConnect Secure Mobility internal Launch page http://wwwin.cisco.com/marketing/b orderless/security.shtml Partner Central Secure Borderless Networks Launch page www.cisco.com/go/sbn Cisco TrustSec external page www.cisco.com/go/trustsec
C97-576464-00 2010 Cisco Systems, Inc. All rights reserved. Cisco Confidential

21