Securing the Next Generation Network and
Data Centre – Now and into the Future –
Vision, Roadmap, and Execution
B-EN-01-B
Bret Hartman
Vice President and Chief Technology Officer,
Cisco Security Business Group
Cisco and/or its affiliates. All rights reserved. Session FAQ Forum. Cisco Public
Housekeeping Notes – Wednesday April 16, 2014
Thank you for attending Cisco Connect Toronto 2014. Here are a few housekeeping notes to ensure we all enjoy the session today.
• Please ensure your cellphones are set to silent so that no one is disturbed during the session.
• Please hold all questions until the end of the session to ensure all material is covered.
Complete Your Paper Session Evaluation – Wednesday April 16
Give us your feedback and you could win 1 of 2 fabulous prizes in a random draw.
Complete and return your paper evaluation form to the Room Attendant at the end of the session.
Winners will be announced today at the end of the session. You must be present to win!
Please visit the Concierge desk to pick up your prize redemption slip. Visit them at BOOTH# 407.
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4
Recent Events Have Eroded Trust
"We can trust the NSA because without a doubt it is history's most powerful, pervasive, sophisticated surveillance agency ever to be totally pwned by a 29-year-old with a thumb drive"
The Industrialization of Hacking
[Timeline, 1990 to 2020]
• Viruses: 1990–2000
• Worms: 2000–2005
• Spyware and Rootkits: 2005–Today
• APTs, Cyberware: Today +
Stages along the timeline: Phishing, Low Sophistication; Hacking Becomes an Industry; Sophisticated Attacks, Complex Landscape
Any Device to Any Cloud
[Diagram: devices connecting to Public Cloud and Private Cloud]
The Security Problem
• Changing Business Models
• Dynamic Threat Landscape
• Complexity and Fragmentation
Comprehensive Security Portfolio
IPS & NGIPS
• Cisco IPS 4300 Series
• Cisco ASA 5500-X Series integrated IPS
Web Security
• Cisco Web Security Appliance (WSA)
• Cisco Virtual Web Security Appliance (vWSA)
• Cisco Cloud Web Security
Firewall & NGFW
• Cisco ASA 5500-X Series
• Cisco ASA 5500-X w/ NGFW license
• Cisco ASA 5585-X w/ NGFW blade
Advanced Malware Protection
NAC + Identity Services
• Cisco Identity Services Engine (ISE)
• Cisco Access Control Server (ACS)
Email Security
• Cisco Email Security Appliance (ESA)
• Cisco Virtual Email Security Appliance (vESA)
• Cisco Cloud Email Security
• Cisco
UTM
• Meraki MX
VPN
• Cisco AnyConnect VPN
The New Security Model
Attack Continuum (Network, Endpoint, Mobile, Virtual, Cloud):
• BEFORE: Discover, Enforce, Harden
• DURING: Detect, Block, Defend
• AFTER: Scope, Contain, Remediate
Point in Time → Continuous
Strategic Imperatives (Network, Endpoint, Mobile, Virtual, Cloud)
• Visibility-Driven: Network-Integrated, Broad Sensor Base, Context and Automation
• Threat-Focused: Continuous Advanced Threat Protection, Cloud-Based Security Intelligence
• Platform-Based: Agile and Open Platforms, Built for Scale, Consistent Control, Management
Visibility-Driven
Need Both Breadth and Depth
BREADTH: Network, Endpoint, Mobile, Virtual, Cloud
DEPTH: Who, What, Where, When, How
Cisco Fabric Provides Pervasive Visibility
Network: Servers, Operating Systems, Routers and Switches, Mobile Devices, Printers, VoIP Phones, Virtual Machines, Client Applications, Files, Users, Web Applications, Application Protocols, Services, Malware, Command and Control Servers, Vulnerabilities, NetFlow, Network Behavior, Processes
Threat-Focused
Detect, Understand, and Stop Threats
• Context (Who, What, Where, When, How): ISE + Network, Appliances (NGFW/NGIPS)
• Collective Security Intelligence: Threat Identified
• Enforcement: AMP, CWS, Appliances
• Event History: Recorded
Continuous Advanced Threat Protection
• Context (Who, What, Where, When, How): ISE + Network, Appliances (NGFW/NGIPS)
• Collective Security Intelligence
• Enforcement: AMP, CWS, Appliances
• Event History and Continuous Analysis: AMP, Threat Defense
Today's Security Appliances
Functions combined in one appliance: Context-Aware Functions, IPS Functions, Malware Functions, VPN Functions, Traditional Firewall Functions
Platform-Based Security Architecture
Layers: Management; Security Services and Applications; Security Services Platform; Infrastructure; Element Layer
• Common Security Policy and Management; Orchestration
• Security Management APIs, Cisco ONE APIs, Platform APIs, Cloud Intelligence APIs
• Cisco Security Applications and Third-Party Security Applications (Physical Appliance, Virtual, Cloud)
• Access Control, Context Awareness, Content Inspection, Application Visibility, Threat Prevention
• Device API: OnePK™, OpenFlow, CLI
• Cisco Networking Operating Systems (Enterprise, Data Center, Service Provider)
• Route–Switch–Compute: ASIC Data Plane, Software Data Plane
The Security Perimeter in the Cloud
The Distributed Perimeter: Cloud Connected Network (Mobile, Router, Firewall)
Collective Security Intelligence: Telemetry Data, Threat Research, Advanced Analytics
• 3M+ Cloud Web Security Users
• 6 GB Web Traffic Examined, Protected Every Hour
• 75M Unique Hits Every Hour
• 10M Blocks Enforced Every Hour
Develop Ecosystems for Cisco Security
• Cisco Current Partner Ecosystem: Mobility (MDM), Threat (SIEM), Cloud
• Partner to Deliver Complete Solutions
• Open Platform Architecture Enables: Develop SSP Partner Ecosystem
• ISE as "Context Directory Service"
• Embed Security in Broader IT Solutions
• Lancope, Network as a Sensor
• Drive the Value of the Network
Visibility and Context
Firewall, NGFW, NAC + Identity Services, VPN, UTM, NGIPS, Web Security, Email Security, Advanced Malware Protection, Network Behavior Analysis
Covering the Entire Attack Continuum
• BEFORE: Discover, Enforce, Harden
• DURING: Detect, Block, Defend
• AFTER: Scope, Contain, Remediate
Questions?