Selling Cisco Security: Addressing the Full Attack Continuum
Pravin Srinivasan
Head – Security Sales, India & SAARC
What to Sell
How to Sell
Whom to Sell (to)
A Simple Agenda
What to Sell
So Let’s Get to It – Part 1
The New Security Problem
Changing Business Models
Dynamic Threat Landscape
Complexity and Fragmentation
And the “Industrialization of Hacking”
Timeline (1990 to 2020):
• Viruses: 1990–2000
• Worms: 2000–2005
• Spyware and Rootkits: 2005–Today
• APTs, Cyberware: Today +
Hacking Becomes an Industry
Sophisticated Attacks, Complex Landscape
Phishing, Low Sophistication
Mean the Silver Bullet Does Not Exist…
“Captive Portal”
“It matches the pattern”
“No false positives, no false negatives.”
Application Control
FW/VPN
IDS / IPS
UTM
NAC
AV
PKI
“Block or Allow”
“Fix the Firewall”
“No key, no access”
Sandboxing
“Detect the Unknown”
So You Need a Threat-Centric Security Model
Attack Continuum
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
Network, Endpoint, Mobile, Virtual, Cloud
Point in Time, Continuous
Let’s Be Specific: How Hacking Is Done Today – Advanced Malware
Survey: What does the environment look like? What are the countermeasures?
Write: Craft context-aware/sandbox-aware malware to penetrate this environment
Test: Validate that the malware works and can evade countermeasures
Execute: Deploy malware. Move laterally, establish secondary access
Accomplish: The mission: Extract data, destroy, plant evidence, compromise.
Need Help? No Problem!
24/7 Hacker Tech Support Available!
Hacker Houses are contracted to infiltrate your customer’s organization
A Typical Breach Timeline
Fast to compromise, slow to recover
• Attack to Compromise – 84% took hours or less
• Compromise to Discovery – 66% took months or more
• Discovery to Containment – 22% took months
Source: Verizon 2013 Data Breach Investigations Report, April 2013
http://www.verizonenterprise.com/DBIR/2013/
The Problem: Little Focus on Response
Prevention: Historic investment here
Incident Response: Need more focus and investment here.
“…According to US Cert, the average time from breach to discover is 486 days and normally the person breached finds out from a 3rd party”
US CERT
“Based on a forensic analysis going back months, it appears hackers broke into The Times computers on Sept. 13.”
NY Times, Jan 30, 2013
The Solution: Cisco Advanced Malware Protection
Point-in-Time and Continuous Protection
Retrospective Security
Continuous Analysis
Breadth and Control points:
File Fingerprint and Metadata
File and Network I/O
Process Information
Telemetry Stream
Continuous feed
Web, WWW, Endpoints, Network, Email, Devices, IPS
Point-in-Time Protection
File Reputation & Sandboxing
Dynamic Analysis
Machine Learning
Fuzzy Fingerprinting
Advanced Analytics
One-to-One Signature
File Trajectory: Quickly understand the scope of the malware problem
Looks ACROSS the organization and answers:
• What systems were infected?
• Who was infected first (“patient 0”) and when did it happen?
• What was the entry point?
• When did it happen?
• What else did it bring in?
Network + Endpoint
Device Trajectory: Break the reinfection lifecycle with fast root cause analysis
Looks DEEP into a device and helps answer:
• How did the threat get onto the system?
• How bad is my infection on a given device?
• What communications were made?
• What don’t I know?
• What is the chain of events?
Endpoint +
Giving You an Attack Blueprint
• Who: Focus on these users first
• What: These applications are affected
• Where: The breach impacted these areas
• When: This is the scope of exposure over time
• How: Here is the origin and progression of the threat
So Cisco Advanced Malware Protection Provides Protection Across the Continuum
AMP provides protection, control, and visibility Before, During, and After an Attack
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
Cisco Collective Security Intelligence
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
Cisco ASA With FirePower Services
Cisco ISE
Cisco Data Center Security
Cisco NGIPS
Cisco Web and Email Security
Cisco AMP and CTD
That’s Cisco Security Solution: Protection Across The Attack Continuum
How to Sell
So Let’s Get to It – Part 2
First: Become an Expert!!
Advanced Security Architecture
Builds security architectural leadership and gains industry-recognized branding and market differentiation
Creates deep knowledge of security architecture for solution development
Express Security IPS
An entry-level, low-cost specialization that consists of 4 focused areas (NGFW, Email, Web Security and NS-IPS) - complete at least ONE focus area; complete others for additional benefits
Two (2) Roles - Account Manager & Engineer
BENEFITS include:
• Participation in profitability incentives and promotions
• Increased financial benefits with higher level of specialization
• Increased visibility in the Cisco Partner locator
Advanced Security Specialization
ASAS ASEC
Customer Benefits and TCO of Cisco Security Solutions
SecureX Architecture
Cisco Security Solutions: Secure Mobility, Secure Data Center and Cloud, Secure Edge and Branch, Secure Access, Email/Web Security
Smart Business Architectures
Cisco Validated Designs (CVDs)
Cisco Services for Security
Fully Architecture Based, Visibility-Driven, Threat-Focused, Platform-Based
Architectural Focus Areas
• End to End Architecture
• Open Platform
• Embed Security for Broader IT Solutions
• Network as a Sensor
• Reducing Complexity and Fragmentation of Security Solutions
New Technologies: Meraki, Sourcefire, Cognitive, TrustSec
Business Transformation
Changing Threat Landscape
Consumption Models
Software Lifecycle
Architectural Cross Selling
Look for a Sept. refresh of “Next-Generation Threat Defense” in Partner Marketing Central
Partner At-a-Glance
Partner Playbook
New Marketing Offers
Demand Generation Emails
Call Guide
Fall rollout of new campaign: “What a Next-Generation Firewall Should Be”
Then: Prospect!
Complete, ‘LIVE’ environment
Live traffic, clients and threats
Easy to use
Demo script in your dashboard
Show and Tell with dCloud – it Works!
Leverage ASA 5515-X Equipment with SSD and FirePOWER Services
Show Proof of Value (PoV)
POV Risk Reports
Propose….and then Close!
SAVE Time
DELIVER Accurate Proposals
WIN More Deals
Users save 8 hrs in research & creation time per proposal.
Proposals have a 6-month refresh cycle & are Cisco BU approved.
Users of the library have up to 20-30% larger deal values.
SDW on PEC Mobile app for Apple & Android devices
NEW: ASA with FirePOWER Services Proposal includes solution overview, benefits, business outcomes and more. New and updated proposals added weekly
To get the ASA with FirePOWER Services Proposal, go to:
Whom to Sell (to)
So Let’s Get to It – Part 3
The Market Sweet Spots
[Chart: % of Total Security Market, by segment: BFSI, SP, Others, PS, Mfg., Education]
[Chart: Cisco’s Mkt. Share %, by technology: Firewall, SSL VPN, IDS / IPS, Total]
• BFSI continues to be the biggest security market – regulations, customer data sensitivity, customer confidence; IPS / AMP / Content Security
• ITS (“Others”) is an early adopter – AMP / NGFW migration, ISE
• PS is the biggest upside opportunity – Govt. mandates moving projects forward; State Govt. and defense
• Mfg. and Education – high growth and low penetration from Cisco
• Cisco has a good share on FW, but a poor one in NGFW (growth area) – need to migrate ASA to “Elektra”, Upsell ASA to FirePower services, go after competition installed base
• IPS: Tell the story and upsell to AMP
• SSL VPN: BYOD imperative; AnyConnect 4.0 and per-app VPN; ISE
• Overall: Take advantage of the undisputed Market Leader!
And Don’t Forget the Huge Migration Opportunity!
$2.5 Billion ASA Install Base up for Refresh in the Next Five to Seven Years
Resulting Annual Revenue Hardware Refresh Opportunity: >$400 Million per Year for the Next Five to Seven Years
There Are Over 650,000 ASA Units Sold
FirePOWER Services Increases the Deal Size
What to Sell
How to Sell
Whom to Sell (to)
Enable and Certify, Demo and Show PoV, Propose and Close
Market Segmentation
• BFSI / ITS / PS / SP / Others
Technology Segmentation
• IPS / AMP / NGFW
So in Summary….
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate