Managed Services – Security
Table of Contents Problem <SP/SI/VAR Name> Managed Services Consequence  Solution Why <SP/SI/VAR Name>? Next Steps Success...
Problem  Network Vulnerabilities Pose a Threat to Businesses <ul><li>Business disruption leads to revenue losses from </li...
Problem  Attacks Are Increasing and Evolving in Complexity Source: Gartner, March 17, 2008, “2008 IT Security Threat Proje...
Consequence  The Consequences of Unchecked Attacks What Your Business Needs Impacts on Business Real Incidents  Source: Pr...
Consequence  The Consequences of Unchecked Attacks Real Incidents  What Your Business Needs Impacts on Business Source: Pr...
Solution  Security Layer One – Secure Network Foundation Headquarters Data Center MPLS VPN (Private Network) Large Branch ...
Solution  Security Layer Two – Secure Perimeter Headquarters Data Center MPLS VPN (Private Network) Attacks Prevented, Spo...
Solution Security Layer Three – Secure Local Area Network Headquarters VPN Data Center VPN VPN MPLS VPN (Private Network) ...
Solution Security Layer Four – Secure Host Headquarters VPN Data Center Endpoint Protection VPN Endpoint Protection NAC MP...
Solution  Benefits – Data Confidentiality, Integrity, Availability Headquarters VPN Data Center Endpoint Protection VPN En...
Solution  Security Layer Five – Management & Control (Continued) Consistent policy enterprise wide Future-proof architectu...
Solution  Security Layer Five – Management & Control Degree of Control completely managed completely in-house Control Vs C...
Solution  Benefits – Data Confidentiality, Integrity, Availability Cisco Integrated Services Router (Continued) Headquarte...
Success Story  –  Healthcare  Hospital “ We haven’t had any issues with attacks reaching our network or slowing down our p...
Success Story – Higher Education  University “ Since the Cisco NAC solution has been in place, we have seen an approximate...
Next Steps  Closing the Deal <ul><li>Discuss questions/objections </li></ul><ul><li>Conduct a security posture assessment ...
 
Disclaimer <ul><li>You are encouraged to use the material contained  </li></ul><ul><li>within this presentation under the ...
Upcoming SlideShare
Loading in...5
×

Cisco Managed Security

1,381

Published on

Cisco\'s approach to managed security services

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,381
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • The business network, the backbone of any business today, must be secured from threats and attacks. Incidents of security breaches have been widely publicized by leading media outlets, much to the embarrassment of companies large and small. These breaches and attacks can affect your business in the following fundamental ways: Inability to transact business due to network disruption leads to loss in sales Penalties and lawsuits resulting from non-compliance can increase the cost of doing business Theft of intellectual property can undermine your ability to maintain sustained competitive advantage
  • Network-based attacks on business devices and data resources are: Increasing in frequency, constantly evolving in complexity New computing models based on emerging technologies such as Web 2.0, virtualization, and service-oriented technology environments are harder to protect Security organizations are increasingly being asked to demonstrate the real-world business value of security initiatives And protecting against attacks requires large investments in personnel, expertise, and time. This is not a core activity of your business.
  • What are the consequences of unsecured networks? The very ability to run your business, grow your business, and maintain your customer base. This is a summary of real incidents based on network security breaches and the impact to these businesses. Your business needs the ability to cost-effectively protect its mission-critical IT systems, information assets, and processes against threats without any impact on day-to-day operations.
  • The above examples, and all network security needs in general, can be categorized under the three broad categories of the widely-accepted security model called ‘The CIA Triad’: Data Confidentiality Data Integrity and Data Availability
  • How do you achieve Data Confidentiality, Integrity, and Availability in your network? Let’s start with a typical network: The headquarters is connected to a large branch and to the data center through a private network Threats to a network come from a combination of internal and external sources Therefore, a security solution needs to adopt a layered approach ensuring comprehensive protection. Click to run build The first layer involves applying Network Foundation protection This is achieved by adding a MPLS IP VPN solution for secure connectivity between one or more branches, the data center, and the headquarters.
  • [Sri, you don’t need “Continued” on the upper right of these next few slides. It’s understood.] Now lets add Internet access to the existing network to connect a small branch, a small office/home office, and a mobile worker. This addition requires protection at the perimeter. The second layer of security is achieved by adding firewalls, intrusion prevention systems, IP Sec VPNs, and secure Internet access to the Network Foundation layer. Secure perimeter protections optimize and safeguard the bandwidth available within the network and enable the proactive management of internal as well as external threats by protecting against: IP spoofing Malware attacks Denial of service attacks Access via the use of unknown protocols Attacks originating from within the network
  • Employees who connect their personal laptops to the network and individuals who are granted guest access may become serious security threats if their laptops lack antivirus protection or if the latest antivirus patches have not been applied. The third layer of security protects local area networks against the most common causes of malware infection: Client devices that lack current signature files and Unmanaged client devices accessing the network LAN security for insecure and unmanaged client devices is achieved by adding a Network Admission Control (NAC) solution to control network access for these devices. The NAC solution allows for policy-based screening of devices connected to the network, thereby covering threats resulting from human errors and network misconfiguration.
  • The fourth and final layer of security is at the host level. It involves behavioral inspection of the host’s activities to look for anomalies at the Execution level, Application level, and Operating system level. This layer protects against attacks from: Infected media inserted into a secure device Vulnerabilities in common applications such as Microsoft Word, Internet Explorer etc., as exploited by hackers Hostile code that attempts to create back doors in the network How does Secure Host work? This is achieved by deploying a software (security agent) on each host. When the host is connected to the network, the software retrieves policies from a constantly updated central policy repository and monitors the host’s behavior ensuring vulnerability shielding (buffer overflow strikes, changing registry keys, overwriting dll’s etc) white/gray listing potentially unwanted program management infection clean-up
  • Collectively, this layered approach to security ensures the three basics of security: Data Confidentiality Data Integrity Data Availability And as a managed service, this approach enables you to focus on the core competencies of your business while outsourcing your complex security needs to a trusted resource.
  • The fifth layer of security is at the behavioral level. Robust policies, processes, and reporting added to the network infrastructure yields to a comprehensive secure solution. Click to run build The benefits of such a layer include A single centralized point of control leading to effective governance with clear accountability A future-proof security architecture that can support existing and emerging technology and business scenarios Uniform security policies, controls, and processes enterprise-wide that are aligned with business needs Reports from an independent audited third party that meet most compliance requirements A mechanism to measure and report security activities and the value added to the enterprise
  • And finally, as a managed service, you can still choose the level of control based on your risk appetite.
  • Our solution is based on the industry-proven Cisco approach. &lt;SP/SI/VAR Name&gt; solution provides significant features, including: Integration of multiple layers of security into the small footprint of the Cisco Integrated Services Router, for lower power consumption and more flexible use of space Simple, intuitive online interfaces to control and monitor performance Rigorously-tested technology solutions to ensure high reliability
  • A midsized hospital in Illinois successfully applied Security Layer One and Two protections to satisfy their security needs.
  • A large university in Virginia successfully adopted the layered security approach and applies Security Layers One, Two, and Three to meet their security challenges.
  • Here is what we should do next
  • Cisco Managed Security

    1. 1. Managed Services – Security
    2. 2. Table of Contents Problem <SP/SI/VAR Name> Managed Services Consequence Solution Why <SP/SI/VAR Name>? Next Steps Success Stories
    3. 3. Problem Network Vulnerabilities Pose a Threat to Businesses <ul><li>Business disruption leads to revenue losses from </li></ul><ul><li>Distributed denial-of-service attacks </li></ul><ul><li>Disaster recovery delay </li></ul><ul><li>Penalties and lawsuits lead to increased costs from </li></ul><ul><li>Breaches of privacy </li></ul><ul><li>Noncompliance with regulations </li></ul><ul><li>Data theft can undermine competitive position from </li></ul><ul><li>Loss of intellectual property </li></ul><ul><li>Compromized integrity of data </li></ul>
    4. 4. Problem Attacks Are Increasing and Evolving in Complexity Source: Gartner, March 17, 2008, “2008 IT Security Threat Projection Timeline.” <ul><li>Attacks are becoming more frequent, more complex </li></ul><ul><li>New network designs open new security holes </li></ul><ul><li>Business value of security initiatives to be justified </li></ul>Time Spent to Prevent Severity WLAN Infrastructure Attacks Distributed Denial of Service Portable Device Data Leakage Social Network Subversion DMA Attacks Mashup Threats Shared Code / SOA Attacks Desktop Utility Application Attacks DRAM Attacks Enterprise Code Reverse Engineering RFID Attacks Botnets Social Engineering Rootkits Embedded OS Attacks Application Security Threats SOHO Attacks Mobile and Wireless Device Endpoint Attacks Hypervisor / VMM Attacks Removable Storage Leakage 10 9 8 7 6 5 4 3 2 1 0 -1 0 1 2 3 4 5 6
    5. 5. Consequence The Consequences of Unchecked Attacks What Your Business Needs Impacts on Business Real Incidents Source: Privacy Rights Clearinghouse, www.privacyrights.org. Visa Ameritrade Oracle MasterCard EBay Revenue Lost Lost: $625 Million in Sales Network Breach Prevent Network Breaches Costs Increase Lost: $2 Million in Fines 200,000 Customers’ Data Stolen Ensure Compliance With Law Intellectual Property Theft Lost: Market Share Software Source Code Stolen Ensure Data Confidentiality Brand Tarnished Lost Customers Data on 40 Million Cards Stolen, Changed Prevent Public Relations Disaster Customer Confidence Lost Customers 4-Hour Web site Outage Ensure Data Availability at All Costs
    6. 6. Consequence The Consequences of Unchecked Attacks Real Incidents What Your Business Needs Impacts on Business Source: Privacy Rights Clearinghouse, www.privacyrights.org. Prevent Network Breaches Confidentiality Ensure Compliance With Law Integrity, Confidentiality Ensure Data Confidentiality Confidentiality Prevent Public Relations Disaster Integrity, Confidentiality Ensure Data Availability at All Costs Availability Revenue Lost Lost: $625 Million in Sales Costs Increase Lost: $2 Million in Fines Intellectual Property Theft Lost: Market Share Brand Tarnished Lost Customers Customer Confidence Lost Customers Network Breach 200,000 Customers’ Data Stolen Software Source Code Stolen Data on 40 Million Cards Stolen, Changed 4-Hour Website Outage Visa Ameritrade Oracle MasterCard EBay
    7. 7. Solution Security Layer One – Secure Network Foundation Headquarters Data Center MPLS VPN (Private Network) Large Branch Benefits Protection Layer Managed Service MPLS IP VPN Network Foundation Data / Voice Secure
    8. 8. Solution Security Layer Two – Secure Perimeter Headquarters Data Center MPLS VPN (Private Network) Attacks Prevented, Spoofing Blocked, Bandwidth Optimized MPLS IP VPN Security – Firewall Security – IPS / IDS IPSec VPN, Internet Access Network Foundation Perimeter Internet Remote Access (Continued) Data / Voice Secure Internet (Public Network) Small Branch SOHO Mobile Worker Large Branch VPN VPN VPN Benefits Protection Layer Managed Service
    9. 9. Solution Security Layer Three – Secure Local Area Network Headquarters VPN Data Center VPN VPN MPLS VPN (Private Network) Attacks Prevented, Spoofing Blocked, Bandwidth Optimized MPLS IP VPN Security – Firewall Security – IPS / IDS IPSec VPN, Internet Access Network Foundation Perimeter Internet Remote Access (Continued) Data / Voice Secure x Internet (Public Network) Small Branch SOHO Mobile Worker Large Branch NAC NAC NAC NAC NAC NAC NAC Benefits Protection Layer Managed Service Illegal access prevented, Standards Enforced Network Admission Control LAN
    10. 10. Solution Security Layer Four – Secure Host Headquarters VPN Data Center Endpoint Protection VPN Endpoint Protection NAC MPLS VPN (Private Network) Illegal access prevented, Standards Enforced Attacks Prevented, Spoofing Blocked, Bandwidth Optimized Network Admission Control MPLS IP VPN Security – Firewall Security – IPS / IDS IPSec VPN, Internet Access LAN Network Foundation Perimeter Internet Remote Access (Continued) Data / Voice Secure NAC Endpoint Protection x NAC Internet (Public Network) Endpoint Protection Endpoint Protection NAC Small Branch SOHO Mobile Worker Large Branch NAC NAC VPN Benefits Protection Layer Managed Service Internal or Host Based Threats Security – IPS / IDS Host
    11. 11. Solution Benefits – Data Confidentiality, Integrity, Availability Headquarters VPN Data Center Endpoint Protection VPN Endpoint Protection NAC MPLS VPN (Private Network) Illegal access prevented, Standards Enforced Attacks Prevented, Spoofing Blocked, Bandwidth Optimized Network Admission Control MPLS IP VPN Security – Firewall Security – IPS / IDS IPSec VPN, Internet Access LAN Network Foundation Perimeter Internet Remote Access (Continued) Data / Voice Secure NAC Endpoint Protection x NAC Internet (Public Network) Internal or Host Based Threats Security – IPS / IDS Host Endpoint Protection Endpoint Protection NAC Small Branch SOHO Mobile Worker Large Branch NAC NAC VPN Confidentiality Integrity Availability Confidentiality Benefits Protection Layer Managed Service
    12. 12. Solution Security Layer Five – Management & Control (Continued) Consistent policy enterprise wide Future-proof architecture Single point of control Network Value quantified through measurement Clear reporting for compliance Policies, Processes, & Reporting Benefits Reporting Processes Policies
    13. 13. Solution Security Layer Five – Management & Control Degree of Control completely managed completely in-house Control Vs Convenience Tradeoff Convenience (Training & Headcount) Your risk comfort level (Continued) Network And as a managed service you decide… Control (Policy & Process) Policies, Processes, & Reporting Reporting Processes Policies
    14. 14. Solution Benefits – Data Confidentiality, Integrity, Availability Cisco Integrated Services Router (Continued) Headquarters Benefits Protection Layer Managed Service VPN Data Center Endpoint Protection VPN Endpoint Protection NAC MPLS VPN (Private Network) NAC Endpoint Protection x NAC Internet (Public Network) Endpoint Protection Endpoint Protection NAC Small Branch SOHO Mobile Worker Large Branch NAC NAC VPN Illegal access prevented, Standards Enforced Attacks Prevented, Spoofing Blocked, Bandwidth Optimized Data / Voice Secure Internal or Host Based Threats Network Admission Control MPLS IP VPN Security – Firewall Security – IPS / IDS IPSec VPN, Internet Access Security – IPS / IDS LAN Network Foundation Perimeter Internet Remote Access Host VPN NAC Firewall Intrusion Prevention Network Foundation
    15. 15. Success Story – Healthcare Hospital “ We haven’t had any issues with attacks reaching our network or slowing down our performance since we adopted this solution. Hackers and malware don’t even get past our first layer of defense.” Information Technology Manager <ul><li>Challenges and Opportunities </li></ul><ul><li>Provide stronger, more reliable protection against malicious code and network attacks </li></ul><ul><li>Extend clinical applications and information to the bedside </li></ul><ul><li>Improve application performance at remote clinic sites </li></ul><ul><li>Objectives </li></ul><ul><li>Establish a secure computing environment </li></ul><ul><li>Benefits </li></ul><ul><li>Compliance with FDA and HIPAA regulations </li></ul><ul><li>Secure IT-based employee information system leading to lower misdiagnoses </li></ul>Company Medium-Size Hospital Location Illinois, USA Industry Healthcare Products / Services Health Services Revenue $230 Million Employees 2,700 Solutions & Services Firewall Intrusion Protection IPSec – VPN
    16. 16. Success Story – Higher Education University “ Since the Cisco NAC solution has been in place, we have seen an approximately 90 percent drop in malware infections on the student resident network.” Chief Information Security Analyst <ul><li>Challenges and Opportunities </li></ul><ul><li>Balance need for academic openness with need to protect information and assets </li></ul><ul><li>Reduce attacks, infections, and malicious code </li></ul><ul><li>Improve efficiency of IT security personnel </li></ul><ul><li>Objectives </li></ul><ul><li>Preserve academic openness </li></ul><ul><li>Protect information and assets from attacks, infections, and malicious code </li></ul><ul><li>Improve efficiency of IT security personnel </li></ul><ul><li>Benefits </li></ul><ul><li>Provide ease of use, campus-wide access </li></ul><ul><li>Enable secure environments for distance- learning programs </li></ul>Company Large University Location Virginia, USA Industry Higher Education Products / Services Education Revenue $449 Million Employees 4,200 Solutions & Services Intrusion Protection IPSec – VPN Network Admission Control
    17. 17. Next Steps Closing the Deal <ul><li>Discuss questions/objections </li></ul><ul><li>Conduct a security posture assessment </li></ul><ul><li>Prepare a budget quote for one or more services </li></ul><ul><li>Reach agreement on financial and operational details </li></ul><ul><li>Review terms and conditions </li></ul><ul><li>Develop action plan and timeline </li></ul><ul><li>Begin implementation </li></ul><ul><li>Sample action plan </li></ul><ul><li>Conduct paid security audit </li></ul><ul><li>Readout of audit findings </li></ul><ul><ul><li>Security holes </li></ul></ul><ul><ul><li>Proposed managed services packages </li></ul></ul><ul><ul><li>Pricing </li></ul></ul><ul><li>Negotiation ($, terms, and conditions) </li></ul><ul><li>Implementation </li></ul><ul><li>Ongoing security reviews and audits </li></ul>
    18. 19. Disclaimer <ul><li>You are encouraged to use the material contained </li></ul><ul><li>within this presentation under the following terms </li></ul><ul><li>and conditions: </li></ul><ul><li>© 2008 Cisco Systems, Inc. All rights reserved. Cisco, the Cisco logo, and Cisco Systems are registered trademarks or trademarks of Cisco Systems, Inc. and / or its affiliates in the United States and certain other countries. </li></ul><ul><li>All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word “partner” does not imply a partnership relationship between Cisco and any other company. </li></ul>

    ×