
Cisco Cybersecurity

Pocket Guide 2015
Why Security
• Security investment: A top priority
• Security Everywhere
• Security: A critical boardroom topic

Why Cisco
• The leading security company
• Talos: Security intelligence and research

Cisco Security Strategy
• Challenges
• The Cisco Security Strategy

Cisco Security Product Portfolio
• Network and data center security
• Advanced Malware Protection
• Cloud security
• Web and email security

Why Security?
Security Investment: A Top Priority
Figure 1 How Enterprises View IT Security

• 56% of organizations state that IT security is critical in meeting their top business objectives
• 73% of organizations state that IT security is one of the top five priorities for IT investment for the next fiscal year
• 51% of organizations say that security is more important than other IT initiatives

Source: Cisco Annual Security Report 2014

Security Everywhere
As much as the Digital Economy and the IoE create
opportunities for companies and consumers, expected
to generate $19 trillion in value to organizations over the
next decade, they also create opportunities for hackers
and cybercriminals. With an expanded attack surface
represented by the IoE, cybercriminals look to cash in on
the estimated value of $450 billion to over $1 trillion of the
Hacker Economy.
The most effective way to confront this dynamic threat
landscape is to make security as pervasive as the Internet of
Everything itself – extending to wherever employees are and
wherever data is – to include Security Everywhere.


At-a-Glance

By embedding security everywhere across the extended network, security becomes an
enabler for business to take full and secure advantage of opportunities presented by new
digital business models and the Internet of Things (IoT) with protection across the entire
attack continuum – before, during, and after an attack.

Security: A Critical Boardroom Topic
There is mounting concern at the senior executive and board level regarding information
security and the risk of lost intellectual property, compromised customer information and
confidence, and valuation impact.

Chief information security officers (CISOs) are challenged to push boardroom
discussions into additional security investment.

These are critical considerations as organizations become more agile and try to grow
their business models in the face of the evolving trends of mobility, cloud computing, and
advanced targeted attacks.


Why Cisco?
Cisco: The Leading Security Company
Cisco is widely recognized throughout the industry as offering best-in-class solutions (Figure 2).
Figure 2 Market Recognition of Cisco Security Solutions

Cisco is a Leader in Gartner Magic Quadrants for:
• Network Access Control (December 2014)
• Intrusion Prevention Systems (November 2015)
• Secure Email Gateways (July 2015)

The Cisco security portfolio was rated “positive” in Gartner’s 2014 Vendor Rating.
Cisco also had the highest Security Effectiveness score in the latest NSS Labs Security
Value Maps for:

• Breach Detection Systems – 99.2% (September 2015)
• Next Generation IPS – 99.5% (April 2015)
• Next Generation Firewall – 99.2% (November 2014)

Third-party tests of IT security solutions validate vendor claims of solution effectiveness and
performance. In addition to any individual test result, consistency also matters and Cisco
continues to be a leader in third-party testing year after year.

Figure 3 NGIPS Security Effectiveness 2009 - 2015

Cisco Talos Security Intelligence and Research Group: Renowned Threat
Intelligence and Expertise from the Leaders in Cyber Security
The Cisco Talos Security Intelligence and Research Group
is composed of elite cybersecurity experts whose threat
intelligence detects, analyzes, and protects against both known
and emerging threats by aggregating and analyzing Cisco’s
unrivaled telemetry data of:

• 1.1 million incoming malware samples per day
• 4.2 billion web-filtering blocks per day
• 1 billion SenderBase reputation queries per day
• 100 TB of data received per day

Talos also maintains the official rule sets of Snort, ClamAV, SenderBase, and SpamCop.
Cisco Security Research: www.cisco.com/go/talos
Cisco Security Reports: www.cisco.com/go/securityreports
For more information, visit www.cisco.com/go/security


Security Challenges
A combination of three major realities has made the task of defending a network more difficult
than ever, while helping attackers find new ways to evade defenses (Figure 4).
Figure 4 Security Challenges

Changing business models: The Internet of Everything is accelerating change,
creating new attack vectors and making it even more difficult to defend the
organization. At the same time, however, the IoE opens up huge opportunities for
business as long as it is secured.
Dynamic threat landscape: Attackers have become much more sophisticated and
well financed, and their attacks have moved from static to dynamic, from visible to
hidden. Without near real-time discovery capabilities, an organization will be at a
significant disadvantage.
Complexity and fragmentation: Most organizations have dozens of security
technologies that often do not interoperate, and this situation is exacerbated by a
significant lack of available security specialists in the market.


The Cisco Security Strategy
By taking a threat-centric and operational approach to security, organizations can reduce
complexity and fragmentation while providing superior visibility, continuous control, and
advanced threat protection across the extended network and the entire attack continuum
(Figure 6).
Figure 6 A Comprehensive Security Model

Visibility driven: Get global intelligence and context for deeper insights and
better decisions.
Threat focused: Detect, understand, and stop threats across the entire
attack continuum.
Platform based: Reduce fragmentation by using a platform-based approach to
protect the network, devices, and the cloud.
Only Cisco delivers platform-based solutions that integrate into an overall security system.
Figure 7 Security Products Used Along the Attack Continuum


Context-aware security: Take advantage of physical and virtual hosts,
operating systems, applications, services, protocols, users, and analyses of content
and network behavior.
Continuous security: Aggregate and correlate data from across the extended
network, discriminating between active attacks and reconnaissance versus
background noise.
Retrospective security: Continuously analyze file behavior and activities over time in
order to detect malware that may alter its behavior to avoid detection, understand the
full extent of an infection, establish root causes, and perform remediation.


Cisco Security Product Portfolio
Next-Generation Network and Data Center Security
Protect high-value data and data center resources with threat defense, highly secure
virtualization, segmentation, and policy control.
Cisco ASA 5500-X with FirePOWER Services (NGFW)
• Offers the industry’s first threat-focused NGFW
• Combines ASA firewall with Cisco next-generation IPS (NGIPS) and Advanced
Malware Protection (AMP)
• Platform series with wide range of sizes and form factors

Cisco ASA 5585-X with FirePOWER Services (NGFW)
• Offers purpose-built security appliance for data centers
• Delivers highest performance, resiliency, and scalability through leading-edge
clustering
• Combines ASA firewall with Cisco NGIPS and AMP

Cisco FirePOWER Next-Generation IPS (NGIPS)
• Offers the most advanced threat protection in the industry
• Delivers industry-leading throughput, threat detection efficacy, and low TCO
• Platform series with wide range of sizes and form factors

Cisco FireSIGHT™ Management Center
• Centrally manages operational functions for ASA with FirePOWER Services and
FirePOWER NGIPS
• Automatically aggregates and correlates information
• Reduces cost by streamlining operations and automating recurring analysis and
management tasks

Reduce complexity while gaining superior visibility, consistent control, and advanced threat
protection across the entire attack continuum.
Cisco Adaptive Security Virtual Appliance (ASAv)
• Incorporates a fully integrated Cisco Application Centric Infrastructure
(ACI)
• Provides consistent transparent security across physical, virtual, ACI,
software-defined networking, and cloud environments
• Provides vSwitch support for Cisco, hybrid, and non-Cisco data centers


Cisco Virtual Next-Generation IPS for VMware
• Offers a virtualized Cisco FirePOWER NGIPS solution
• Reclaims the visibility lost when virtualizing
• Extends Payment Card Industry (PCI) compliance to virtual
environments

Cisco Virtual Security Gateway
• Integrates with the Cisco Nexus® 1000V virtual switch
• Delivers security policy enforcement and visibility at a
virtual-machine level
• Logically isolates applications in virtual data centers and
multitenant environments
• Enforces separation of duties between security and
server administrators

Advanced Malware Protection
Cisco Advanced Malware Protection (AMP) provides the visibility and control security teams need
to not only prevent breaches, but also quickly detect, contain, and remediate malware before
damage can be done. AMP continuously analyzes and records all file activity on a system (Figure
8). If a file behaves suspiciously, AMP retrospectively alerts security teams, providing a detailed
recorded history of the malware’s behavior over time. AMP can then contain or remediate with a
few clicks.
AMP does this by providing:
• The best threat intelligence and malware analysis to strengthen defenses
• Point-in-time protection in the form of file signatures, file reputation, and sandboxing to
block known and emerging threats
• Continuous analysis and retrospective security to detect malware that manages to evade
initial inspection

Check out www.cisco.com/go/promotions for the latest security incentives and promotions.


Figure 8 Point in Time Detection vs. Continuous Detection

“AMP Everywhere”: Cisco offers the industry’s broadest portfolio of integrated Advanced
Malware Protection solutions providing coverage across multiple attack vectors - network,
endpoint, mobile, virtual, email and web.

• Cisco AMP for Endpoints
• Cisco AMP for Networks
• Cisco AMP Private Cloud Virtual Appliance
• Cisco AMP on ASA with FirePOWER Services
• Cisco AMP on Email Security Appliance (ESA)
• Cisco AMP on Web Security Appliance (WSA)
• Cisco AMP on Cloud Web Security (CWS)
• Cisco AMP on Integrated Services Router (ISR)

Cisco AMP Threat Grid:
• Combines static and dynamic malware analysis with threat intelligence into one
unified solution
• Integrates real-time behavioral analysis and up-to-the-minute threat intelligence feeds
with existing security technologies
• Provides integrated sandboxing for Cisco ASA with FirePOWER Services, ESA, WSA,
AMP for Networks, and AMP for Endpoints to protect across the attack continuum from
both known and unknown attacks


Web and Email Security
Cisco’s Content Security portfolio protects organizations from evolving email and web
threats. Email and Web security are critical components of a holistic security strategy.
Cisco Email Security Appliance (ESA) and Cloud Email Security (CES)
• Fight spam, viruses, and blended threats for organizations
of all sizes
• Enforce compliance and protect reputation and brand assets
• Available as cloud-based and hybrid (onsite appliance plus
cloud) solutions

Web Security Appliance (WSA) and Cloud Web Security (CWS)
• Provide proactive security, application visibility, and control for
users on and off the network
• Protect against advanced threats with Advanced Malware
Protection (AMP) and Cognitive Threat Analytics (CTA)
• Flexible deployment, including on-premises and cloud delivered,
leverages existing infrastructure and scales to fit
• Customized reporting offers actionable intelligence

Check out www.cisco.com/go/promotions for the latest security incentives and promotions.

Secure Access and Mobility
Enhance network visibility and control with identity-aware highly secure access solutions.
Cisco Identity Services Engine (ISE)
• Provides a policy-management platform that enforces secure
access to network resources (wired, wireless, and VPN)
• Accurately identifies every user and device that connects to
the network

Cisco Network Admission Control (NAC)
• Enforces network security policies by allowing access only to
trusted devices
• Blocks access by noncompliant devices and limits damage from
emerging threats and risks

Cisco TrustSec® Technology
• Provides secure network access based on rich contextual data (who, what, where, when, how)
• Automates firewall rules and access control list administration, uses plain-language policies
• Embedded in the operating systems of Cisco ISE, Cisco Catalyst® and Cisco Nexus
switches, Cisco Integrated Services Routers, and Cisco ASA firewalls

Cisco AnyConnect® Secure Mobility Solution
• Provides highly secure, simple, and reliable off-premises connectivity
• Helps ensure endpoint integrity with multiple authentication options and
comprehensive posture checks
• Delivers automatic secure connectivity with end-to-end encryption,
integrated web security, per-app VPN, and advanced malware protection
activation

For more information and security reports, visit www.cisco.com/go/security.


For More Information
Cisco Security
cisco.com/go/security
Security Community
communities.cisco.com/community/technology/security
Cisco Security Blog
blogs.cisco.com/security
Partner Support
www.cisco.com/web/partners/support
Cisco Security Intelligence Operations
tools.cisco.com/security/center/home.x

© 2015 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a
list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not
imply a partnership relationship between Cisco and any other company. (1110R)
C45-123456-00 01/15
