Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.
1© 2015 Cisco and/or its affiliates. All rights reserved.
Security Strategy
Managed Security Services
Ghassan Dreibi
Manag...
2© 2015 Cisco and/or its affiliates. All rights reserved.
The Digital Opportunity
Hackers
2© 2015 Cisco and/or its affilia...
3© 2015 Cisco and/or its affiliates. All rights reserved. 3© 2015 Cisco and/or its affiliates. All rights reserved. Cisco ...
4© 2015 Cisco and/or its affiliates. All rights reserved.
Security Solutions for Service Providers
Corporate IT Managed Cl...
5© 2015 Cisco and/or its affiliates. All rights reserved.
Security Solutions for Service Providers
Corporate IT
•  Network...
6© 2015 Cisco and/or its affiliates. All rights reserved. 6© 2015 Cisco and/or its affiliates. All rights reserved. Cisco ...
© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
The Life Cycle of an Attack
•  Attack planning
•  ...
© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
The Life Cycle of an Attack
Discover
Enforce
Harde...
© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
The Threat-Centric Security Model
BEFORE
Discover
...
10© 2015 Cisco and/or its affiliates. All rights reserved.
Unified Solutions Across Deployments
Feature Consistency | Open...
11© 2015 Cisco and/or its affiliates. All rights reserved. 11© 2015 Cisco and/or its affiliates. All rights reserved. Cisc...
12© 2015 Cisco and/or its affiliates. All rights reserved.
ASA with FirePOWER Services
Industry’s First Threat-Focused
NGF...
13© 2015 Cisco and/or its affiliates. All rights reserved.
Collective Security
Intelligence (CSI)
Contextual Device, Netwo...
14© 2015 Cisco and/or its affiliates. All rights reserved.
VIRTUAL PHYSICAL
ASA 5585-X
16 Way Clustering with
State Synchr...
15© 2015 Cisco and/or its affiliates. All rights reserved.
Cisco Identity Services Engine (ISE) 1.3
Delivering the Visibil...
16© 2015 Cisco and/or its affiliates. All rights reserved.
Email and web are the top threat vectors
Data Loss
Acceptable U...
17© 2015 Cisco and/or its affiliates. All rights reserved.
File Sandboxing
Behavioral analysis
of unknown files
File Retro...
18© 2015 Cisco and/or its affiliates. All rights reserved. 18© 2015 Cisco and/or its affiliates. All rights reserved. Cisc...
19© 2015 Cisco and/or its affiliates. All rights reserved.
Flexible Deployment Options
Industry-leading, Best of Breed Ema...
20© 2015 Cisco and/or its affiliates. All rights reserved.
Cisco Security as a Service Solutions
Service Provider
Virtual ...
21© 2015 Cisco and/or its affiliates. All rights reserved.
Cisco Offers Two Security as a Service Solutions
Attribute Cisc...
22© 2015 Cisco and/or its affiliates. All rights reserved.
Evolution of Managed Security Services
Premise to Cloud
W W W
I...
23© 2015 Cisco and/or its affiliates. All rights reserved.
Challenges of MSSP
Complex, rigid and slow
Legacy Service
Reven...
24© 2015 Cisco and/or its affiliates. All rights reserved.
•  Physical
•  Virtual
•  Hybrid
Managed CPE Services
25© 2015 Cisco and/or its affiliates. All rights reserved.
CPE Services for SP
•  End-to-End Single-
Sourced Provider
•  M...
26© 2015 Cisco and/or its affiliates. All rights reserved.
CPEs Flexibility
Cisco ISR
ASA 5506
Meraki
27Cisco ASA for SMB and Distributed Enterprise Presentation | © 2015 Cisco and/or its affiliates. All rights reserved. Cis...
28© 2015 Cisco and/or its affiliates. All rights reserved.
“When to Sell What”
Meraki MX & ASA with FirePOWER Services & I...
29© 2015 Cisco and/or its affiliates. All rights reserved.
Feature Description Cisco ISR (without
Firepower)
ASA NGFW Mera...
30© 2015 Cisco and/or its affiliates. All rights reserved.
Cisco ISR UTM 1100, 2100, 3100
Complete package of WAN and Secu...
31© 2015 Cisco and/or its affiliates. All rights reserved.
When to position Meraki and Cisco
Cisco Enterprise Portfolio
 C...
32© 2015 Cisco and/or its affiliates. All rights reserved.
CPE Services for SP
(incl. vMS, HSS, CWS)
•  Lower OPEX Costs
•...
Cisco Confidential 33© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Cisco Hosted Security as a Service
•  D...
Cisco Confidential 34© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Centralized Management and Reporting
HS...
Cisco Confidential 35© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Centralized Management and Reporting
HS...
Cisco Confidential 36© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Centralized Management and Reporting
HS...
37© 2015 Cisco and/or its affiliates. All rights reserved.
CPE Services for SP
•  Lower OPEX Costs
•  Simplify Service
Del...
38© 2015 Cisco and/or its affiliates. All rights reserved.
•  Cloud Web Security (CWS)
•  Cloud Email Security (CES)
•  Ho...
39© 2015 Cisco and/or its affiliates. All rights reserved.
Web
Filtering WebpageWeb
Reputation
Application
Visibility and
...
40© 2015 Cisco and/or its affiliates. All rights reserved.
Cisco® Email Security
Before
AfterDuring
File
Retrospection
Rep...
41© 2015 Cisco and/or its affiliates. All rights reserved. 41© 2015 Cisco and/or its affiliates. All rights reserved. Cisc...
42© 2015 Cisco and/or its affiliates. All rights reserved.
Shadow IT Risk
Assessment Report
Business
Readiness Rating™
Aud...
43© 2015 Cisco and/or its affiliates. All rights reserved.
Business Case Review – LATAM Customers
44© 2015 Cisco and/or its affiliates. All rights reserved.
§  Virtualize services
§  Extend DC to Stores
§  Prepare for...
45© 2015 Cisco and/or its affiliates. All rights reserved.
Business Continuity – Primary requirement for
Retail
Primary
Li...
46© 2015 Cisco and/or its affiliates. All rights reserved.
Business Continuity – Primary requirement for
Retail
Primary
Li...
47© 2015 Cisco and/or its affiliates. All rights reserved.
© 2013 Cisco and/or its affiliates. All rights reserved. 47
Tra...
48© 2015 Cisco and/or its affiliates. All rights reserved.
Network
Services
Simplify
Application
Delivery
One Network
UNIF...
49© 2015 Cisco and/or its affiliates. All rights reserved.
Cloud
Connected
Network
Mobile Router Firewall
The
Distributed
...
50© 2015 Cisco and/or its affiliates. All rights reserved.
© 2013 Cisco and/or its affiliates. All rights reserved. 50
Add...
51© 2015 Cisco and/or its affiliates. All rights reserved.
Nächste SlideShare
Wird geladen in …5
×

Proteja seus clientes - Gerenciamento dos Serviços de Segurança

490 Aufrufe

Veröffentlicht am

Apresentação realizada pro especialista Cisco no Security Week

Veröffentlicht in: Technologie
  • Als Erste(r) kommentieren

  • Gehören Sie zu den Ersten, denen das gefällt!

Proteja seus clientes - Gerenciamento dos Serviços de Segurança

  1. 1. 1© 2015 Cisco and/or its affiliates. All rights reserved. Security Strategy Managed Security Services Ghassan Dreibi Manager, Business Development
  2. 2. 2© 2015 Cisco and/or its affiliates. All rights reserved. The Digital Opportunity Hackers 2© 2015 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation ID Business Employees Consumers
  3. 3. 3© 2015 Cisco and/or its affiliates. All rights reserved. 3© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public Welcome to the Hackers’ Economy Source: CNBC Global Cybercrime Market: $450B-$1T (U.S.) How Industrial Hackers Monetize the Opportunity Social Security $1 Medical Record >$50 DDoS as a Service ~$7/hour DDoS Credit Card Data $0.25−$60 Bank Account Info >$1000 depending on account type and balance $ Exploits $100k-$300K Facebook Account $1 for an account with 15 friends Spam $50/500K emails Malware Development $2500 (commercial malware) Mobile Malware $150
  4. 4. 4© 2015 Cisco and/or its affiliates. All rights reserved. Security Solutions for Service Providers Corporate IT Managed Cloud Services Managed CPE Services Production Network Managed, Advisory & Implementation Services Protect Your CustomersProtect Yourself Threat Centric Security to Protect & Grow Your Business
  5. 5. 5© 2015 Cisco and/or its affiliates. All rights reserved. Security Solutions for Service Providers Corporate IT •  Network Security (NGFW, NGIPS, NaaS, NaaE) •  Advanced Threat Protection •  Email / Web Security •  Secure Access & Mobility Production Network •  SP Data Center •  SP Cloud •  SP Mobile Edge •  SP Infrastructure Edge Managed CPE Services •  Physical •  Virtual •  Hybrid Managed Cloud Services •  Cloud Web Security (CWS) •  Cloud Email Security (CES) •  Hosted Identity Services •  Cloud Access Security Protect Your CustomersProtect Yourself Managed, Advisory & Implementation Services Threat Centric Security to Protect & Grow Your Business
  6. 6. 6© 2015 Cisco and/or its affiliates. All rights reserved. 6© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Common Concepts
  7. 7. © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 7 The Life Cycle of an Attack •  Attack planning •  The intruder is trying to obtain access •  The intruder bypassed the controls •  A vulnerability is being exploited •  A malware arrived as part of an email or web access •  Credentials were stoled •  The intruder is inside the network Discover Enforce Harden Detect Block Defend Scope Contain Remediate
  8. 8. © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 8 The Life Cycle of an Attack Discover Enforce Harden Detect Block Defend Scope Contain Remediate Attack Continuum BEFORE Discover Enforce Harden AFTER Scope Contain Remediate Detect Block Defend DURING
  9. 9. © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 9 The Threat-Centric Security Model BEFORE Discover Enforce Harden AFTER Scope Contain Remediate Attack Continuum Detect Block Defend DURING Network Endpoint Mobile Virtual Cloud Point in Time Continuous
  10. 10. 10© 2015 Cisco and/or its affiliates. All rights reserved. Unified Solutions Across Deployments Feature Consistency | Open APIs | Flexible Licensing Physical Virtual Cloud
  11. 11. 11© 2015 Cisco and/or its affiliates. All rights reserved. 11© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Solution Overview
  12. 12. 12© 2015 Cisco and/or its affiliates. All rights reserved. ASA with FirePOWER Services Industry’s First Threat-Focused NGFW #1 Cisco Security announcement of the year! •  Integrating defense layers helps organizations get the best visibility •  Enable dynamic controls to automatically adapt •  Protect against advanced threats across the entire attack continuum Proven Cisco ASA firewalling Industry leading NGIPS and AMP Cisco ASA with FirePOWER Services
  13. 13. 13© 2015 Cisco and/or its affiliates. All rights reserved. Collective Security Intelligence (CSI) Contextual Device, Network and End-Point Visibility Classic Stateful Firewall Gen1 IPS Application Visibility Web—URL Controls AV and Basic Protections NGIPS Vulnerability Management *Client Anti- Malware (AMP) Correlated SIEM Eventing Incident Control System Network Anti- Malware Controls (AMP) Behavioral Indications of Compromise User Identity NGFW Open APP-ID SNORT Open IPS Network/Host Trajectory Retrospective Analysis ThreatGrid Auto-Remediation *Agent Adaptive Security Sandboxing Retrospective DetectionMalware File Trajectory Threat Hunting Forensics and Log Management URL ReputationIP Reputation How Cisco Appears Competitively BEFORE DURING AFTER Cisco Only Cisco AND Competitors
  14. 14. 14© 2015 Cisco and/or its affiliates. All rights reserved. VIRTUAL PHYSICAL ASA 5585-X 16 Way Clustering with State Synchronization Scalable to 640Gbps ASAv •  Full ASA Feature Set •  Hypervisor Independent •  Virtual Switch Agnostic •  Dynamic Scalability ACI SECURITY SOLUTION STARTS WITH CISCO ASA ASA ASAv on VMWare – Available Today – Ask your SE
  15. 15. 15© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Identity Services Engine (ISE) 1.3 Delivering the Visibility, Context and Control for Secure Network Access NETWORK / USER CONTEXT How WhatWho WhereWhen PARTNER CONTEXT DATA CONSISTENT SECURE ACCESS POLICY ACROSS WIRED, WIRELESS and VPN
  16. 16. 16© 2015 Cisco and/or its affiliates. All rights reserved. Email and web are the top threat vectors Data Loss Acceptable Use Violations Malware Infections IPv6 Spam Blended Threats Targeted Attacks APTs Advanced Malware Rootkits Worms Trojan Horse 93% of customer networks access websites that host malware* *Cisco 2014 Midyear Security Report
  17. 17. 17© 2015 Cisco and/or its affiliates. All rights reserved. File Sandboxing Behavioral analysis of unknown files File Retrospection Retrospective alerting after an attack Advanced Malware Protection File Reputation Preventative blocking of suspicious files
  18. 18. 18© 2015 Cisco and/or its affiliates. All rights reserved. 18© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Offerings
  19. 19. 19© 2015 Cisco and/or its affiliates. All rights reserved. Flexible Deployment Options Industry-leading, Best of Breed Email Protection at the Gateway Deployment Options VirtualAppliance Multi-device Support Desktop TabletLaptopMobile Cloud ManagedHybridHybrid On-Premises Cloud
  20. 20. 20© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Security as a Service Solutions Service Provider Virtual Private Cloud Hosted Security Solution SP-Hosted Firewall, VPN Email, and Web Services Turnkey Public Cloud Cisco Managed Security Cloud Cisco or SP-Hosted, Cisco-Run Web Security Services
  21. 21. 21© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Offers Two Security as a Service Solutions Attribute Cisco Hosted Security Solution (HSS) Cisco Managed Security Cloud (CMSC) Services Phase 1: Web, Email - Phase 1.1: Firewall, VPN Cloud Web Security (formerly Scansafe) Delivery Model Virtual Private Cloud – SP Hosted Public Cloud – Cisco or SP hosted Pricing Model SP price per user and per usage Price per user SP CapEx Costs §  Web, Email, Firewall, VPN software licenses §  Cloud infrastructure (VMware, UCS, storage, Network Infrastructure) None SP OpEx Costs §  Bandwidth §  OSS / BSS §  Operations (People) §  Minimum commitment of users §  Hosting, including bandwidth (in case of SP hosted) Reporting / Log Data Owned by SP, stays at SP DC Centralized in Cisco Cloud Orchestration / Management With third-party tools (e.g. Ubiqube) Turnkey Cisco solution Connectivity Differences VPN link to customer site OTT internet connectivity
  22. 22. 22© 2015 Cisco and/or its affiliates. All rights reserved. Evolution of Managed Security Services Premise to Cloud W W W IPS WEB EMAIL MALWARECONTEXT Switching AP Voice NGFW VPN Routing NAT DHCP Cloud Switching AP Voice Hybrid CPE Managed CPESP W W W NGFW VPN IPS WEB EMAIL MALWARECONTEXT Switching NAT DHCP AP Voice Routing
  23. 23. 23© 2015 Cisco and/or its affiliates. All rights reserved. Challenges of MSSP Complex, rigid and slow Legacy Service Revenue Decline High Cost and Complexity Slow Service Creation and Service Delivery Cloud Readiness
  24. 24. 24© 2015 Cisco and/or its affiliates. All rights reserved. •  Physical •  Virtual •  Hybrid Managed CPE Services
  25. 25. 25© 2015 Cisco and/or its affiliates. All rights reserved. CPE Services for SP •  End-to-End Single- Sourced Provider •  Market-Leading: Gartner & NSS Labs •  Highly Customizable •  Flexible Configuration •  Open Architecture •  3rd Party Integration •  Full Visibility for SOC Analysts Managed CPESP BenefitsUse Case 1 WWW NGFW VPN IPS Web Email Malware Context Switching NAT DHCP AP Voice Routing Key Verticals: Government, Financial Services, Health Care, Utilities
  26. 26. 26© 2015 Cisco and/or its affiliates. All rights reserved. CPEs Flexibility Cisco ISR ASA 5506 Meraki
  27. 27. 27Cisco ASA for SMB and Distributed Enterprise Presentation | © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Extend the value of your NGFW Start with the hardware option that fits best All with built-in Application Visibility and Control (AVC), network firewalling, and VPN capabilities Desktop 5506-X Wireless AP 5506W-X Ruggedized 5506H-X Rackmount 5508-X/5516-X Add FirePOWER Services* for enhanced protection *Available as subscriptions Next-Generation Intrusion Prevention System (NGIPS) URL FilteringAdvanced Malware Protection (AMP) Choose the appropriate management solution Appliance sold separately FireSIGHT Management Center On-box manager comes standard Adaptive Security Device Manager (ASDM)
  28. 28. 28© 2015 Cisco and/or its affiliates. All rights reserved. “When to Sell What” Meraki MX & ASA with FirePOWER Services & ISR Bundle Meraki MX ASA with FirePOWER ISR Lean IT Focus: For highly distributed enterprises or enterprises seeking a best in class UTM and simple deployment Threat-focused NGFW with advanced threat protection capabilities in the lowest cost form factor available Standard FW, IPS and Web Security with iWAN capabilities and advanced network and communication support in the lowest form factor available Note: ISR4K now supports Firepower Radically simplified deployment and ultra low operating cost via cloud management with robust security that is optimized for highly distributed environments Unmatched visibility and control that enables correlation and analytics to automatically prioritize and protect against advanced threats Best ROI (simple, integrated, flexible), cost reduction with improved flexibility, secondary link, better performance through WAN optimization and expansibility through integrated UCS Ideal time to position: •  With Meraki networking environments •  Large multi-site deployments (100s/1000s sites) with full UTM requirements •  Against traditional UTM competitors •  When deployment of units to a high distributed enterprise is a issue Ideal time to position: •  Existing/refreshing ASA or PIX customers •  Distributed enterprises; smaller organizations •  Against legacy NGFWs and firewalls •  Against advanced UTMs with NG capabilities, with AMP/NGIPS Ideal time to position: •  Large multi-site deployments (100s/1000s sites) with iWAN requirements •  Stores, branches and small sites interested on a single device for both WAN and security •  WAN redundancy over 3G or ADSL connections
  29. 29. 29© 2015 Cisco and/or its affiliates. All rights reserved. Feature Description Cisco ISR (without Firepower) ASA NGFW Meraki MX Intelligent Path Selection Load Balancing Policy-Based Path Selection Number of Paths Supported Rapid Failure Detection and Mitigation Yes Yes (L7 / app level) Multiple (Any Transport) Yes (Blackout & Brownout) No Yes Multiple Yes Yes Yes (L3-L4 / Network level – based on loss, latency) 2 (Broadband, 4G, MPLS) Yes Security Virtual Private Network Firewall Intrusion Prevention & Detection Content/URL Filtering Anti-Virus Yes Yes Yes (Cisco IDS) Yes (Cloud Web Security) No Yes Yes Yes Yes Yes/No (AMP) Yes Yes Yes (Snort) Yes (Built-in) Yes (Built-in) Transport Independence WAN Connectivity Cellular IPv6 T1/E1, T3/E3, Serial, xDSL, Ethernet Yes (Integrated/Module) Yes Ethernet No Yes Ethernet Yes (Dongle) Planned (2H2015) Application Optimization WAN Optimization Content Caching Application Visibility Congestion Control Yes (WAAS) Yes (Akamai) Yes Yes (HQoS) No No Yes No No Yes (Squid-Cache) Yes Yes (L7 Traffic prioritization) Unified Communications Voice Gateway Session Border Controller Call Control Agent Yes Yes Yes No No No No No No Routed Protocols OSPF EIGRP BGP Yes Yes Yes Yes Yes Yes Planned (2H2015) Planned Planned (2H2015) Integrated Storage & Compute Integrated Compute Yes (UCS E-Series) No No Management Cloud Management Number of Sites Managed Plug and Play deployment No Thousands No No 300 No Yes Thousands Yes
  30. 30. 30© 2015 Cisco and/or its affiliates. All rights reserved. Cisco ISR UTM 1100, 2100, 3100 Complete package of WAN and Security solutions Remote User / Hot Spot Mobile Device Guest Access Control Benefits : §  Centralized security basic features at local appliances §  Advanced security inspection at Cisco Cloud §  Network Segmentation and Control §  Business Continuity options – WAN HA Perimeter Firewall §  Security for internal and external access §  Protocol anomaly detection and stateful inspection Security Services Layers 2–7 §  Identify and react to new threats creating dinamic ACLs, new firewalls policies, signatures, etc. Network IPS §  Global threats vision and update §  Zero Day analysis Web Security - ScanSafe §  User web access control based on category and security levels – AV, Anti-Malware Management Solution §  Centralized management solution Service Modules §  IPS network module §  WAN Acceleration module CWS
  31. 31. 31© 2015 Cisco and/or its affiliates. All rights reserved. When to position Meraki and Cisco Cisco Enterprise Portfolio Cisco Cloud Managed Prime ISE Catalyst 2K/3K/4K/6K ASA - Firewall Cisco UTM Appliances - Routing MS Switches MX Security Appliances Aironet Access Points & Controllers Dashboard Cisco Networking Portfolio! MR APs Systems Manager 3rd Party MDM Integration Unparalleled Deployment Flexibility 100% Cloud Managed
  32. 32. 32© 2015 Cisco and/or its affiliates. All rights reserved. CPE Services for SP (incl. vMS, HSS, CWS) •  Lower OPEX Costs •  Minimize Truck Roll •  Simplify Service Activation •  Flexible service delivery and licensing models •  Enable Service Customization •  Flexible Deployment: SP or Cisco Managed Cloud CPESP BenefitsUse Case 2 Switching AP Voice
  33. 33. Cisco Confidential 33© 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Hosted Security as a Service •  Delivered from service provider’s infrastructure •  Orchestration SW interfaces with native appliance configuration mechanisms •  All customer data lives inside the SP Cloud environment •  Security on virtual form factor available today INFRA- STRUCTURE Hypervisor Cisco UCS Storage SERVICES LAYER WSAv WSAv ASAv Tenant 1 ESAv WSAv ASAv Tenant 2 ESAv CSR1Kv Tenant 3 ORCH. LAYER Policy Analytics Reporting SP existing orchestration, reporting, billing infrastructure § Provisioning API § Reporting API § Billing API
  34. 34. Cisco Confidential 34© 2013-2014 Cisco and/or its affiliates. All rights reserved. Centralized Management and Reporting HSS with ESAV Per user pricing model driven by features Inbound Security Outbound Control Virus and Malware Defense Spam Defense DLP Secure Messaging (Encryption) HSS CVD 1.0 AMP NOT in HSS CVD 1.0 (future release) Email Security as a Service Using ESAV HSS CVD 1.0 Release
  35. 35. Cisco Confidential 35© 2013-2014 Cisco and/or its affiliates. All rights reserved. Centralized Management and Reporting HSS with WSAV Web Security §  Anti-malware protection §  Web content analysis §  Script emulation Web Filtering §  Web usage controls §  Application visibility §  Bi-directional control Per user pricing model driven by features HSS CVD 1.0 AMP NOT in HSS CVD 1.0 (future release) Web Security as a Service Using WSAV HSS CVD 1.0 Release
  36. 36. Cisco Confidential 36© 2013-2014 Cisco and/or its affiliates. All rights reserved. Centralized Management and Reporting HSS with ASAV or CSR1000v Firewall Support § Stateful inspection § Application inspection § Network address translation § Encrypted traffic inspection § Protocol inspection Per throughput and per feature service pricing Smart Licensing Advanced Firewall § Identity-aware policy enforcement § Malware traffic detection and blocking § Botnet traffic filter § Voice and video security HSS CVD 2.0 Firewall as a Service Using ASAV/CSR1kV HSS CVD 2.0 Release
  37. 37. 37© 2015 Cisco and/or its affiliates. All rights reserved. CPE Services for SP •  Lower OPEX Costs •  Simplify Service Delivery •  Flexible Service Delivery Models •  Highly Customizable •  Flexible Physical & Virtual Form-Factors •  Flexible Deployment: SP or Cisco Managed Hybrid CPESP BenefitsUse Case 3 WWW IPS WEB EMAIL MALWARE CONTEXT Switching AP Voice NGFW VPN Routing NAT DHCP
  38. 38. 38© 2015 Cisco and/or its affiliates. All rights reserved. •  Cloud Web Security (CWS) •  Cloud Email Security (CES) •  Hosted Identity Services •  Cloud Access Security Managed Cloud Services
  39. 39. 39© 2015 Cisco and/or its affiliates. All rights reserved. Web Filtering WebpageWeb Reputation Application Visibility and Control Anti- Malware Outbreak Intelligence File Reputation Cognitive Threat Analytics Before After www.website.com During File Retrospection www Roaming User Reporting Log Extraction Management Branch Office www www Allow Warn Block Partial Block Campus Office ASA StandaloneWSA ISR G2 AnyConnect® AdminTraffic Redirections www HQ File Sandboxing Cloud Web Security
  40. 40. 40© 2015 Cisco and/or its affiliates. All rights reserved. Cisco® Email Security Before AfterDuring File Retrospection Reporting Message Track Management Allow Warn Admin HQ File Sandboxing Anti-Spam and Anti-Virus Mail Flow Policies Data Loss Protection Encryption Before During Inbound Email Outbound Email Cisco Appliance VirtualCloud Talos Block Partial Block Mail Flow Policies Email Reputation Acceptance Controls Content Controls File Reputation Anti-Spam and Anti-Virus Outbreak Filters
  41. 41. 41© 2015 Cisco and/or its affiliates. All rights reserved. 41© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public Cisco Hosted Identity Services 4 1 Complete Integrated Solution Benefits Pay As You Grow No Capital Expense BYOD 24/7 Support Secure and Scalable Quick Time to Deployment
  42. 42. 42© 2015 Cisco and/or its affiliates. All rights reserved. Shadow IT Risk Assessment Report Business Readiness Rating™ Audit Score Shadow Data Risk Assessment After StreamIQ™ ThreatScore™ ContentIQ™ Reports & Analysis Cloud Apps ? ? ?? ?? ? IO IOI IO IOI Protect IO IOI IO IOI Cloud SOC Policy IO IOI IO IOI ? 5417 IO IOI IO IOI ? ? IO IOI Audit Detect ? Investigate WSA BeforeDuring Elastica CloudSOC™ Other Appliances ASA Data Account User Security Operations Center Analyze & Control Securlet™ Gateway Cloud Access Security
  43. 43. 43© 2015 Cisco and/or its affiliates. All rights reserved. Business Case Review – LATAM Customers
  44. 44. 44© 2015 Cisco and/or its affiliates. All rights reserved. §  Virtualize services §  Extend DC to Stores §  Prepare for Internet of Everything Application Consolidation and Virtualization §  Avoid backhaul and offload corporate WAN §  Direct Internet access without compromising security §  High reliability for dynamic apps SaaS Application Experience §  More content without exploding WAN costs §  More efficient use of current bandwidth §  Instant access to HD video over tablets §  Guest WiFI Content Explosion §  Increase revenue §  Longer dwell time §  Immersive Marketing §  Employee training §  Virtual Stores Retail of the Future Looking for Business Outcomes Retail Retail of the Future Market Trends
  45. 45. 45© 2015 Cisco and/or its affiliates. All rights reserved. Business Continuity – Primary requirement for Retail Primary Link Credit Card Acquire Company Backup Link Issue / Problem Without connectivity during "Hot Dates” Initial Solution Backup link solution based on UTM* or 3G Modem Due PCI Compliance Results Cisco Confidential Lack of management No SLA control ? Retail
  46. 46. 46© 2015 Cisco and/or its affiliates. All rights reserved. Business Continuity – Primary requirement for Retail Primary Link Internet Application Visibility & Control (AVC) Understand the applications and knows how to prioritize Performance Routing (PfR) Dynamically pick the best path for high priority traffic Advanced Security (DMVPN, CWS) Cisco Confidential Reshape traffic patterns to cloud from the branch with dynamic security Retail 3s
  47. 47. 47© 2015 Cisco and/or its affiliates. All rights reserved. © 2013 Cisco and/or its affiliates. All rights reserved. 47 Transport Independent Intelligent Path Control Secure Connectivity Application Optimization Internet Retail WAAS PfR 3G/4G-LTE Provider Flexibility Lower Cost Dynamic Path Selection High Quality Experience Direct, Scalable Security Protect Resources (FW/VPN/ IPS/Web and Email Security) App Acceleration Minimize Downtime AVC MPLS Data Center Cisco UTM Solution – Based on Cisco IWAN Solution
  48. 48. 48© 2015 Cisco and/or its affiliates. All rights reserved. Network Services Simplify Application Delivery One Network UNIFIED SERVICES Routing Redefined Routing Switching WLAN Cisco UTM Application Services Optimization Collaboration Server Hosting Security Optimization Vendor Security Appliance Vendor Collaboration Vendor 1 2 3 4 5 Router Vendor Server Vendor Cisco Intelligent Solution – UTMCompetitive Solution – Multiple Vendors Cisco UTM Business Advantage
  49. 49. 49© 2015 Cisco and/or its affiliates. All rights reserved. Cloud Connected Network Mobile Router Firewall The Distributed Perimeter The Security Perimeter in the Cloud Collective Security Intelligence Telemetry Data Threat Research Advanced Analytics 3M+ Cloud Web Security Users 6GB Web Traffic Examined, Protected Every Hour 75M Unique Hits Every Hour 10M Blocks Enforced Every Hour
  50. 50. 50© 2015 Cisco and/or its affiliates. All rights reserved. © 2013 Cisco and/or its affiliates. All rights reserved. 50 Add Secure Identity and BYOD DMVPN Data Center Branch •  DMVPN Inline Tagging—ISR G2 (IOS 15.2(2)T), ASR1k (XE 3.11*) •  SG Firewall for Egress Enforcement •  SGT Capability exchange during DMVPN IKEv2 negotiations •  Learn SGT from SXP or Auth-methods •  Simple one command configuration – DMVPN “crypto ikev2 cts sgt” *ASR1k IOS (XE3.11) will be available in Fall 2013. ISR-G2 Catalyst Switch AP Branch NetworkSales Finance Admin Catalyst Switch Catalyst Switch HR SGT SGT ASR-1K SGT SGT Nexus 7000 ISE Profiler Posture Guest Server SGT Nexus 5000/2000 Catalyst 6500 Egress Enforcement WAN: ISR G2/ASR1k, SG Firewall Campus Aggregation: Cat6K/Sup2—SGACL Data Center Enforcement: Nexus 7000—SGT/ SGACL
  51. 51. 51© 2015 Cisco and/or its affiliates. All rights reserved.

×