Customer Presentation SCRIPTED Cisco ONE Advanced Security Use this presentation to pitch Cisco ONE Advanced Security offers to customers primary audience network buyer secondary audience security buyer ID: 755460
Download Presentation The PPT/PDF document "Customer Presentation September 2016" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Customer Presentation
September 2016
Customer Presentation [SCRIPTED]
Cisco ONE Advanced SecuritySlide2
Use this presentation to pitch Cisco ONE Advanced Security offers to customers – primary audience - network buyer, secondary audience – security buyer
First, please read the section in this deck titled “Internal Only
Important Sales Information: Must Read”
Familiarize yourself with the 4 buying programs and where to position Cisco ONE Advanced SecurityThere are 2 slides that provide the summary of the offers in section “2 slide overview”
The rest of the deck contains an introduction & 3 sections one each for Data Center, WAN/Edge & Access.
Each section is self-containedThe slide “Security Disrupters and Trends” has 2 options – one high level and one detailed. Use one or the other depending on your audienceYou can present either all 3 sections together or specific sections of interest.Each slide is scripted.Use in slideshow mode for animations
How To Use This Presentation
Remove This Slide Before PresentingSlide3
2 slide overviewSlide4
The Need For Simplicity In Security
Sophisticated Attacks
No Place Spared
DC | WAN | Access | Endpoints
Solution Complexity
30+ Solutions Deployed On Average
Gaps In Solutions
Customers Are Less Secure Than Ever
© 2016 Cisco
And/Or
Its Affiliates. All Rights Reserved. Cisco ConfidentialSlide5
Cisco ONE Advanced Security
Making It Easier To Protect The Inside And Perimeter Of Your Organization
© 2016 Cisco and/or its affiliates.
All rights reserved. Cisco Confidential
Secure Remote Access And Client VPN
Advanced Malware Protection
Intrusion Prevention
Blocks Over 280M+ Out Of
Policy Websites
Centralized Identity And Context
Based Access
Visibility, Compliance And
MDM Support
VPN & Secure Endpoint
Advanced Malware Protection
Intrusion Prevention
Blocks Over 280M+ Out Of
Policy Websites
Virtualized Firewall Services
URL FilteringAMPSecurity ContextNG IPS
Data Center
URL Filtering
AMP
AnyConnect Plus
NG IPS
ISE Plus
ISE Apex
AnyConnect Apex
Access
WAN and Edge
Simple
Predefined Offers
Investment Protection
For Midterm Upgrades
Flexible
And Integrated
Access To Latest
Threat Intel. & FeaturesSlide6
Security Disrupters and Trends
50+ Different Vendors
Complexity Is Making Customers More Vulnerable
Sophisticated, Distributed Attacks
Global Cybercrime Market Is $450B – $1T
Security Has Been A CIO Top 5 Spending Priority Since 2006
Option 1
Customers Are Less Secure Than Ever
Active Adversaries
Aren’t Going Away
Security Is A
Board Level ConcernSlide7
Mobility/BYOD
3.3 Devices Per Knowledge Worker
1
Cloud
545 Cloud Apps Per Organization
2
Internet Of Things
15 Billion Devices By 2015
1
Source: (1) Cisco IBSG (2) Skyhigh Networks Industry Report (3) CNBC (4) The Nilson Report Aug 2013 (5) Cisco 2014 Security Report (6) Ponemon Institute Study (7) TrustWave 2014State of Risk Report
New Attack Vectors
Malicious Traffic Visible On 100% Of Corporate Networks
5
Sophisticated Cybercriminals
Or Nation States
Global Cybercrime Market: >$450B
3
Digitization Of Information$11B Estimated Payment Card Fraud4
Multiple Data Locations & Platforms
63% Of Surveyed Businesses Do Not Have A Fully Mature Method To Control And Track Sensitive Data
7
High Operational Costs
& Lack Of Flexibility
54% Of Breaches Remain Undiscovered For Months
6
Increasing
Attack Surface
Dynamic
Threat Landscape
Complexity & Fragmentation
Security Disrupters and Trends
Option 2Slide8
BEFORE
Discover
Enforce
Harden
AFTER
Scope
Contain
Remediate
Attack Continuum
Network
Endpoint
Mobile
Virtual
Cloud
Detect
Block
Defend
DURING
Cisco Threat Centric Security Model
Point in Time
ContinuousSlide9
Let Us Look At Security In 3 Key Areas
Data Center
Branch – WAN & Edge
AccessSlide10
Secure Data CenterSlide11
Why is Data Center Security So Important
Without integrated security, our customer’s data centers are at risk
60%
of data is
stolen in
HOURS
54%
of data center breaches remain undiscovered for
MONTHS
YEARS
MONTHS
WEEKS
HOURS
START
85%
of data center intrusions
aren’t discovered for
WEEKS
51%
increase in companies
reporting a $10M loss
or more in the last
YEARSlide12
What If You Could
Continuous Business Operations
Fast Recovery After Attack
Data & Application
Integrity
Detect
Stealth Malware & Other Malicious Activity
Sooner
Get
Visibility
Into All Data Center Traffic: Users, Apps, Files & Threats
Detect & Stop
Known &
Unknown Threats
Protect Against
Multi-Vector Attacks
Reduce
complexity
Across the Attack Continuum at Scale
Reduce
RiskSlide13
Cisco ONE Advanced Security: Threat Defense for Data Center
FirePOWER Services on FirePOWER & ASA*
Detect, Block
Stealth Malware And Zero Day Attacks
With AMP
Virtualize ASA Firewall for
Segmented Policies
With Security Context*
Multi-vector Known & Unknown Threat
Prevention & Mitigation With Sourcefire
Next Gen IPS
Reputation & Category Based
Filtering Of 280M+ web sites
In 80+ Categories
** Security Context available on ASA platform (not FirePOWER) | ASA Software image updates covered as part of SmartNet |
FireSight Management Center is recommended and must be purchased separately
Virtualized Advanced Firewall Services
Next Generation Intrusion Prevention
Advanced Malware Protection
Block
Out-
of
-
policy
Websites
Cisco ONE Advanced Security:
Threat Defense for Data Center Slide14
FirePOWER Services on FirePOWER & ASA
Security Context*
*Security Context available on ASA platform (not FirePOWER)
Mitigate and protect data center resources across the attack continuum
Multi-layered threat defense in a single device
Full contextual visibility of users, infrastructure, applications, and content
Multi-vector threat & breach detection with automated defense response
Cisco ONE Advanced Security: Threat Defense for Data Center
Delivers Comprehensive Security Capabilities
Capabilities for
Secure Data Center
Threat Centric
Security Model
Cisco ONE Advanced Security: Threat Defense for Data Center
Attack ContinuumSlide15
Customer Case Study
Beachbody, LLC
Challenge
Disparate network without standardized platform hindered growth
Isolated data, security, and telecom did not allow single-pane network view
Manual configuration and management of firewalls required intensive time
Solution
Built a new data center with following security capabilities
Cisco ASA 5585-X Next-Generation Firewall
Cisco Identity Services Engine
Cisco TrustSec
Results
Reduces data center footprint by 50 percent
Automates management in virtualized environment with simplified rule set
Simplifies security management and operations, while leaving room for future growth Slide16
Customer Case Study
Expo Milan
Challenge
Protect visitors and pavilions with an advanced, effective, and pervasive security system
Manage both the physical and the digital components from a single control platform
Solution
The Cisco’s integrated approach to advanced protection from security threats
ASA protected traffic from and to cloud
AMP and IPS used to analyze 40Gbps of traffic for intrusion attempts
Results
Blocked more than half a million intrusion attempts during 6 months
Stopped more than 10,000 attempts to take control of applications and devices
Pervasive protection right across the networkSlide17
ASA 5585-X Subscriptions
FirePOWER 9300/4100 Subscriptions
Cisco ONE Advanced Security: Threat Defense for Data Center
ASA 5585-X FirePOWER (IPS, URL, AMP)
Security Context
FirePOWER 9300/4100 FirePOWER Threat Defense (IPS, URL, AMP)
Subscriptions*
Detailed Licenses
ASA 5585-X Appliance
FirePOWER 9300 or 4100 Appliance
Required Hardware (Purchased Separately)
*Includes software support (signature updates, license portability & access to on-going innovation)Slide18
Cisco ONE Advanced Security Benefits
© 2016 Cisco and/or its affiliates.
All rights reserved. Cisco Confidential
Simple
Predefined
OffersInvestment
Protection
for Midterm
Upgrades
Flexible
Access to Latest
Threat Intel.
and FeaturesSlide19
Upfront Savings with Cisco ONE Software
Cisco ONE Adv. Security Subscription Savings Illustration
For Data Center
Prices may vary for other platformsSlide20
Secure WAN & EdgeSlide21
Rich Media
Content
Omni-channel
Experience
Source: Gartner: How to Cost-Justify WAN Optimization
Remote
Experts
Thin Client
Apps
Mobility
Digital
Signage
Why is Branch Security Important
*
Tech Target, Branch Office Growth Demands New Devices, 2013 | **US The Census Bureau of the Department of Commerce, 2015
Cloud/
SaaS
Guest Wi-Fi
IoT
“By 2016,
30%
of advanced targeted threats
–
up from less than
5%
today
–
will specifically target
branch offices
as an entry point.”
80%
Of employee and customers are served in branch offices*
More Users
73%
Growth in in mobile devices from 2014–2018**
More Devices
20–50%
Increase in Enterprise bandwidth per year through 2018**
More Apps
Branch
BranchSlide22
What If You Could
Allow
secure remote access
, site to site
Protect data
from eavesdropping, unauthorized access and tampering
Secure Direct Internet Access
Defend against threats such as
malware, intrusions & denial-of-service
attacks
Meet regulatory compliance requirements
Secure Connectivity
Branch Threat DefenseSlide23
Secure IWAN (DMVPN, Integrated Firewall, ACL & TrustSec)
Enable Secure hybrid WAN
Secure connectivity across the WAN
Secure direct internet access
Basic VPN services & Perimeter Control
Cisco ONE Foundation for WAN
That Delivers Foundational Security Capabilities
Capabilities for
WAN
Intelligent WAN
Cisco ONE Foundation for WANSlide24
Cisco ONE Advanced Security: Threat Defense for WAN & Edge
FirePOWER Services on ASA, AnyConnect Plus
Detect, Block
Stealth Malware And Zero Day Attacks
with AMP
Secure Remote Access & Client VPN
With AnyConnect Plus
Multi-vector Known & Unknown Threat
Prevention & Mitigation with Sourcefire Next Gen IPS
Reputation & Category Based
Filtering of
280M+
websites
in 80+ Categories
ASA Software image updates covered as part of SmartNet
FireSight Management Center is recommended and must be purchased separately
Remote
Access
Next Generation Intrusion Prevention
Advanced Malware Protection
Block Out-of-policy Web Sites
Cisco ONE Advanced Security:
Threat Defense for WAN & EdgeSlide25
FirePOWER Services on ASA
AnyConnect
Plus
Protect branch against targeted attacks
Multi-layered threat defense
in a single device.
Visibility Into Applications and Devices
Secure Mobile, Remote Access
Multi-vector threat & breach detection with automated defense response
Cisco ONE Advanced Security: Threat Defense for WAN & Edge
Delivers Expanded Security Capabilities
Attack Continuum
Capabilities for
Secure Branch
Threat Centric
Security Model
Cisco ONE Advanced Security: Threat Defense for WAN & EdgeSlide26
Customer Case Study
Swanson Health Products
Challenge
Protect business and sensitive customer information from network security threats
Help ensure security protections do not
reduce productivity
Simplify security management
Solution
Deployed Cisco ASA 5585-X Adaptive Security Appliance with Next-Generation Firewall Services
Results
Selectively gave employees access to
different websites needed for jobs
Improved compliance with Payment Card
Industry (PCI) security standards
Reduced help desk calls regarding website
access by 50 percent Slide27
Cisco ONE Advanced Security Benefits
© 2016 Cisco and/or its affiliates.
All rights reserved. Cisco Confidential
Simple
Predefined
OffersInvestment
Protection
for Midterm
Upgrades
Flexible
Access to Latest
Threat Intel.
and FeaturesSlide28
ASA 5500-X Subscriptions
Cisco ONE Advanced Security: Threat Defense for WAN & Edge
ASA 5500-X FirePOWER (IPS, URL, AMP)
AnyConnect Plus
Subscriptions*
Detailed Licenses
ASA 5506, 5508, 5516, 5525, 5545, 5555 Appliance
Required Hardware (Purchased Separately)
*Includes software support (signature updates, license portability & access to on-going innovation)Slide29
Upfront Savings with Cisco ONE Software
Cisco ONE Adv. Security Subscription Savings Illustration
For WAN & Edge
*Prices may vary for other platformsSlide30
Secure AccessSlide31
It’s harder than ever to see who is on your network and what they are doing
?
?
?
31
© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
And you can’t protect what you don’t see
of surveyed organizations are not “fully aware” of the devices accessing their network
90%
of companies say their mobile devices were targeted by malware in the last 12 months
75%Slide32
What If You Could
Ensure Access From Anywhere
Enable secure access
to the enterprise network for any user, from any device, at any location
Gain Greater Visibility
Provide IT with
full visibility
into users & devices
Deliver a Solution That’s Easy to Use
Provide a seamless
user experience without
creating complexity
Keep Users and Devices Secure
Main Data & Application Integrity Through
User and Device ProtectionSlide33
Cisco ONE Advanced Security: Policy & Threat Defense for Access
Integrated Policy Based Secure Access
Advanced Compliance
Centralized Identity
& Context Based
Access from Anywhere (ISE-Plus*)
Visibility, Compliance
& MDM Support
(ISE-Apex)
VPN & Secure Endpoint
(AnyConnect Apex)
* Note: Cisco ONE Foundation is not a pre-requisite for Cisco ONE Advanced Security offer (Exception: ISE-Base is required for ISE Plus)
Endpoint Security
Identity & Device Based Secure Access
Cisco ONE Advanced Security:
Policy & Threat Defense for AccessSlide34
Identity Services Engine (ISE) Plus & Apex
AnyConnect Apex
Secure Applications &
Data Through Context
Based Access
Access based on Identity & Context (Device, Location)
Broad Visibility into Users, Devices & Traffic
End Device Compliance
Cisco ONE Advanced Security: Threat Defense for Access
Delivers Comprehensive Security Capabilities
Attack Continuum
Capabilities for
Secure Access
Threat Centric
Security Model
Cisco ONE Advanced Security:
Policy & Threat Defense for AccessSlide35
Customer Case Study
VyStar Credit Union
Challenge
To protect customer's financial information, VyStar needed a way to control network access
The secure connection had to be easy for employees-and fast
Solution
Before allowing a device to connect, Cisco Identity Services Engine authenticates the user and device
It also checks that the device is running the latest security software
Employees find it easy to connect to the VPN using AnyConnect Secure Mobility Client
Results
The network team has tight control over
who and what can connect to the network
And connecting is just as fast and simple as
it was beforeSlide36
Cisco ONE Advanced Security Benefits
© 2016 Cisco and/or its affiliates.
All rights reserved. Cisco Confidential
Simple
Predefined
OffersInvestment
Protection
for Midterm
Upgrades
Flexible
Access to Latest
Threat Intel.
and FeaturesSlide37
Cisco ONE Advanced Security:
Policy & Threat Defense for Access
ISE and Any Connect Subscriptions
ISE Apex
ISE Plus
AnyConnect Apex
Subscriptions*
Detailed Licenses
ISE appliance
Required Hardware (Purchased Separately)
*Includes software support (signature updates & access to on-going innovation)Slide38
Cisco ONE Adv. Security Subscription Savings Illustration
For Access
* Prices vary for other platformsSlide39
Advanced ServicesSlide40
Quick-Start Services
Adoption, Change Management, and Optimization Services
Simplified Professional Services Specifically Designed To:
Provide expert business guidance along with deep security expertise
Help assess and
analyze risks and
evolve security strategy to stay ahead of industry disruptions
Update and align security infrastructure to adopt BYOD, Cloud, and IoT
Improve efficiency and increase network security and reliability
Support incident investigation and remediation with access to security investigators and engineers 24/7/365
Services for Cisco ONE For Advanced Security
Making it easier to consume the value of Cisco’s softwareSlide41Slide42
Cisco ONE Advanced Security: Threat Defense for Data Center
Protecting the Inside and Perimeter of Organization
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Advanced malware protection
Intrusion prevention
Blocks over 280M+ out of policy websites
Virtualized firewall services
Security
Context
Data Center
URL
Filtering
AMP
NG IPS
Supported on ASA 5585-X and Firepower 4100/9300 Appliance (purchased separately)
Subscription includes software licenses & software support (software & signature updates, midterm upgrade credits)Slide43
© 2016 Cisco and/or its affiliates.
All rights reserved. Cisco Confidential
Advanced malware protection
Intrusion prevention
Blocks over 280M+ out of policy websites
Secure remote access and client VPN
Anyconnect
Plus
WAN and Edge
Cisco ONE Advanced Security: Threat Defense for WAN & Edge
Protecting the Inside and Perimeter of Organization
URL
Filtering
AMP
NG IPS
Supported on ASA 5506, 5508, 5516, 5525, 5545, 5555 Appliance (purchased separately)
Subscription includes software licenses & software support (software & signature updates, midterm upgrade credits)Slide44
Cisco ONE Advanced Security
Protecting the Inside and Perimeter of Your Organization
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Centralized identity and context
based access
Visibility, compliance and MDM support
VPN and secure endpoint
Anyconnect
Apex
ISE Apex
ISE Plus
Access
Supported on ISE physical/virtual appliance (purchased separately)
Subscription includes software licenses & software support (software & signature updates, midterm upgrade credits)Slide45
Threat
Protection
Cisco AnyConnect
AnyConnect – Way more than VPN
Basic VPN
Endpoint Compliance
Enterprise Access
Inspection Service
Network Visibility
AnyConnect features
Integration with other Cisco solutions
Identity Services
Engine (ISE)
ASR / CSR
Switches and
Wireless Controllers
Cloud Web Security Services (CWS + WSA)
ISR
Adaptive Security
Appliance (ASA)
Advanced VPN
NetFlow Collectors
Advanced
Malware ProtectionSlide46
Network Resources
Access Policy
Traditional
Cisco TrustSec®
BYOD Access
Threat Containment
Guest Access
Role-Based
Access
Identity Profiling
and Posture
Who
Compliant
What
When
Where
How
Introducing Cisco Identity Services Engine (ISE)
A centralized security solution that automates context-aware access to network resources and shares contextual data
Network
Door
Physical or VM
Context
ISE pxGrid
ControllerSlide47
Gain visibility into who and
what is on your network
Grant access on a
“need to know” basis
Provide threat context to network behavioral analysis
Contain through network elements and security ecosystem
Get better forensics and prepare for the next attack by sharing information with ecosystem partners
Context Enhances Protection Across the
Attack Continuum
BEFORE
ISE
How
What
Who
Where
When
DURING
AFTER