Cisco Cybersecurity

Pocket Guide 2015

Why Security?
Security Investment: A Top Priority
Figure 1 How Enterprises View IT Security

of organizations state that IT security is critical in meeting their top business

of organizations state that IT security is one of the top five priorities for IT investment for the next fiscal year

of organizations say that security is more important than other IT

Source: Cisco Annual Security Report 2014

Security Everywhere
As much as the Digital Economy and the IoE create opportunities for companies and
consumers, and are expected to generate $19 trillion in value to organizations over the
next decade, they also create opportunities for hackers and cybercriminals. With the
expanded attack surface represented by the IoE, cybercriminals look to cash in on the
Hacker Economy, valued at an estimated $450 billion to over $1 trillion.
The most effective way to confront this dynamic threat landscape is to make security as
pervasive as the Internet of Everything itself, extending to wherever employees are and
wherever data is: Security Everywhere.


By embedding security everywhere across the extended network, security becomes an
enabler for business to take full and secure advantage of opportunities presented by new
digital business models and the Internet of Things (IoT), with protection across the entire
attack continuum: before, during, and after an attack.

Security: A Critical Boardroom Topic

There is mounting concern at the senior executive and board level regarding information
security and the risk of lost intellectual property, compromised customer information and
confidence, and valuation impact.

Chief information security officers (CISOs) are challenged to push boardroom
discussions into additional security investment.

These are critical considerations as organizations become more agile and try to grow
their business models in the face of the evolving trends of mobility, cloud computing, and
advanced targeted attacks.


Why Cisco?
Cisco: The Leading Security Company
Cisco is widely recognized throughout the industry as offering best-in-class solutions (Figure 2).
Figure 2 Market Recognition of Cisco Security Solutions

Cisco is a Leader in Gartner Magic Quadrants for:

Network Access Control (December 2014)

Intrusion Prevention Systems (November 2015)

Secure Email Gateways (July 2015)

The Cisco security portfolio was rated positive in Gartner's 2014 Vendor Rating.
Cisco also had the highest Security Effectiveness score in the latest NSS Labs Security
Value Maps for:

Breach Detection Systems 99.2% (September 2015)

Next Generation IPS 99.5% (April 2015)

Next Generation Firewall 99.2% (November 2014)

Third-party tests of IT security solutions validate vendor claims of solution effectiveness and
performance. In addition to any individual test result, consistency also matters and Cisco
continues to be a leader in third-party testing year after year.


Figure 3 NGIPS Security Effectiveness 2009 - 2015

Cisco Talos Security Intelligence and Research Group: Renowned Threat Intelligence and Expertise from the Leaders in Cyber Security
The Cisco Talos Security Intelligence and Research Group
is composed of elite cybersecurity experts whose threat
intelligence detects, analyzes, and protects against both known
and emerging threats by aggregating and analyzing Cisco's
unrivaled telemetry data of:

1.1 million incoming malware samples per day

4.2 billion web-filtering blocks per day

1 billion SenderBase reputation queries per day

100 TB of data received per day

Talos also maintains the official rule sets of Snort, ClamAV, SenderBase, and SpamCop.


Security Challenges
A combination of three major realities has made the task of defending a network more difficult
than ever, while helping attackers find new ways to evade defenses (Figure 4).
Figure 4 Security Challenges

Changing business models: The Internet of Everything is accelerating change,
creating new attack vectors and making it even more difficult to defend the
organization. At the same time, however, the IoE opens up huge opportunities for
business as long as it is secured.
Dynamic threat landscape: Attackers have become much more sophisticated and
well financed, and their attacks have moved from static to dynamic, from visible to
hidden. Without near real-time discovery capabilities, an organization will be at a
significant disadvantage.
Complexity and fragmentation: Most organizations have dozens of security
technologies that often do not interoperate, and this situation is exacerbated by a
significant lack of available security specialists in the market.


The Cisco Security Strategy

By taking a threat-centric and operational approach to security, organizations can reduce
complexity and fragmentation while providing superior visibility, continuous control, and
advanced threat protection across the extended network and the entire attack continuum
(Figure 6).
Figure 6 A Comprehensive Security Model

Visibility driven: Get global intelligence and context for deeper insights and
better decisions.
Threat focused: Detect, understand, and stop threats across the entire
attack continuum.
Platform based: Reduce fragmentation by using a platform-based approach to
protect the network, devices, and the cloud.
Only Cisco delivers platform-based solutions that integrate into an overall security system.
Figure 7 Security Products Used Along the Attack Continuum


Context-aware security: Take advantage of physical and virtual hosts,
operating systems, applications, services, protocols, users, and analyses of content
and network behavior.
Continuous security: Aggregate and correlate data from across the extended
network, discriminating between active attacks and reconnaissance versus
background noise.
Retrospective security: Continuously analyze file behavior and activities over time in
order to detect malware that may alter its behavior to avoid detection, understand the
full extent of an infection, establish root causes, and perform remediation.


Cisco Security Product Portfolio

Next-Generation Network and Data Center Security
Protect high-value data and data center resources with threat defense, highly secure
virtualization, segmentation, and policy control.
Cisco ASA 5500-X with FirePOWER Services (NGFW)
Offers the industry's first threat-focused NGFW
Combines ASA firewall with Cisco next-generation IPS (NGIPS) and Advanced
Malware Protection (AMP)
Platform series with wide range of sizes and form factors

Cisco ASA 5585-X with FirePOWER Services (NGFW)

Offers purpose-built security appliance for data centers
Delivers highest performance, resiliency, and scalability through leading-edge
Combines ASA firewall with Cisco NGIPS and AMP

Cisco FirePOWER Next-Generation IPS (NGIPS)

Offers the most advanced threat protection in the industry
Delivers industry-leading throughput, threat detection efficacy, and low TCO
Platform series with wide range of sizes and form factors

Cisco FireSIGHT Management Center

Centrally manages operational functions for ASA with FirePOWER Services and
Automatically aggregates and correlates information
Reduces cost by streamlining operations and automating recurring analysis and
management tasks

Reduce complexity while gaining superior visibility, consistent control, and advanced threat
protection across the entire attack continuum.
Cisco Adaptive Security Virtual Appliance (ASAv)

Incorporates a fully integrated Cisco Application Centric Infrastructure


Provides consistent transparent security across physical, virtual, ACI, software-defined networking, and cloud environments

Provides vSwitch support for Cisco, hybrid, and non-Cisco data centers


Cisco Virtual Next-Generation IPS for VMware

Offers a virtualized Cisco FirePOWER NGIPS solution

Reclaims the visibility lost when virtualizing

Extends Payment Card Industry (PCI) compliance to virtual


Cisco Virtual Security Gateway

Integrates with the Cisco Nexus 1000V virtual switch

Delivers security policy enforcement and visibility at a virtual-machine level

Logically isolates applications in virtual data centers and multitenant environments

Enforces separation of duties between security and server administrators

Advanced Malware Protection

Cisco Advanced Malware Protection (AMP) provides the visibility and control security teams need
to not only prevent breaches, but also quickly detect, contain, and remediate malware before
damage can be done. AMP continuously analyzes and records all file activity on a system
(Figure 8). If a file behaves suspiciously, AMP retrospectively alerts security teams, providing a
detailed recorded history of the malware's behavior over time. AMP can then contain or remediate
with a few clicks.
AMP does this by providing:

The best threat intelligence and malware analysis to strengthen defenses

Point-in-time protection in the form of file signatures, file reputation, and sandboxing to
block known and emerging threats

Continuous analysis and retrospective security to detect malware that manages to evade
initial inspection.



Figure 8 Point in Time Detection vs. Continuous Detection

AMP Everywhere: Cisco offers the industry's broadest portfolio of integrated Advanced
Malware Protection solutions, providing coverage across multiple attack vectors: network,
endpoint, mobile, virtual, email and web.

Cisco AMP for Endpoints

Cisco AMP for Networks

Cisco AMP Private Cloud Virtual Appliance

Cisco AMP on ASA with FirePOWER Services

Cisco AMP on Email Security Appliance (ESA)

Cisco AMP on Web Security Appliance (WSA)

Cisco AMP on Cloud Web Security (CWS)

Cisco AMP on Integrated Services Router (ISR)

Cisco AMP Threat Grid:

Combines static and dynamic malware analysis with threat intelligence into one
unified solution.

Integrates real-time behavioral analysis and up-to-the-minute threat intelligence feeds
with existing security technologies.

Provides integrated sandboxing for Cisco ASA with FirePOWER Services, ESA, WSA,
AMP for Networks, and AMP for Endpoints to protect across the attack continuum from
both known and unknown attacks.



Web and Email Security

Cisco's Content Security portfolio protects organizations from evolving email and web
threats. Email and web security are critical components of a holistic security strategy.
Cisco Email Security Appliance (ESA) and Cloud Email Security (CES)

Fight spam, viruses, and blended threats for organizations of all sizes

Enforce compliance and protect reputation and brand assets

Available as cloud-based and hybrid (onsite appliance plus cloud) solutions

Web Security Appliance (WSA) and Cloud Web Security (CWS)

Provide proactive security, application visibility, and control for users on and off the network

Protect against advanced threats with Advanced Malware Protection (AMP) and Cognitive Threat Analytics (CTA)

Flexible deployment, including on-premises and cloud delivered, leverages existing infrastructure and scales to fit

Customized reporting offers actionable intelligence

Secure Access and Mobility

Enhance network visibility and control with identity-aware, highly secure access solutions.
Cisco Identity Services Engine (ISE)

Provides a policy-management platform that enforces secure access to network resources (wired, wireless, and VPN)

Accurately identifies every user and device that connects to the network

Cisco Network Admission Control (NAC)

Enforces network security policies by allowing access only to trusted devices

Blocks access by noncompliant devices and limits damage from emerging threats and risks


Cisco TrustSec Technology

Provides secure network access based on rich contextual data (who, what, where, when, how)

Automates firewall rules and access control list administration, uses plain-language policies

Embedded in the operating systems of Cisco ISE, Cisco Catalyst and Cisco Nexus
switches, Cisco Integrated Services Routers, and Cisco ASA firewalls

Cisco AnyConnect Secure Mobility Solution

Provides highly secure, simple, and reliable off-premises connectivity

Helps ensure endpoint integrity with multiple authentication options and comprehensive posture checks

Delivers automatic secure connectivity with end-to-end encryption, integrated web security, per-app VPN, and advanced malware protection




For More Information

Cisco Security
Security Community
Cisco Security Blog
Partner Support
Cisco Security Intelligence Operations

© 2015 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a
list of Cisco trademarks, go to this URL: Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not
imply a partnership relationship between Cisco and any other company. (1110R)
C45-123456-00 01/15