Brochure

Cisco Secure Ops Solution

Cisco Secure Ops Solution supports cyber-security risk management and compliance for industrial automation environments. It is a combination of on-premise technology, processes, and managed services that helps companies implement and maintain perimeter security between enterprise and operational networks, as well as layered security controls. Through increased organization transparency, central leadership is able to better understand risks and compliance, as well as make informed investment decisions.

Cisco Secure Ops delivers a standardized, comprehensive and integrated approach to security. It is supported and embraced by automation suppliers such as Yokogawa and Rockwell, and technology providers such as McAfee and Symantec, and provides a framework for a wide range of partners to participate.

Challenges

Operators of industrial control networks have historically relied on a combination of security by obscurity and physical segmentation to protect their networks against cyber-attack. More recently, this viewpoint has begun to evolve as:

- Interconnecting industrial systems, networks, and data applications to enable better information flow and decision-making opportunities has become highly desirable.
- Proactive monitoring is needed to avoid risks impacting process control networks, such as device failures.
- Operational costs for site personnel to implement and maintain security controls are high, impacting overall productivity.

It's clear that a more robust, flexible, and secure solution is required. The solution must connect networks, and enable monitoring and data flow over a secure network. It must be flexible and capable of being deployed in legacy environments. Most importantly, it must deliver defense-in-depth features to organize, harden, defend, and respond to threats.

© 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Solution Overview

Cisco has developed Secure Ops to provide an integrated and standardized solution for securing industrial automation environments, protect against risks, improve efficiency, and reduce site downtime. Customers can choose to implement security controls using a building block approach that allows them to address various attack vectors as their business demands.

Cisco Secure Ops Key Benefits

- Lowered risk to Process Control environment
- Reduced cost of delivering PCN Security
- Brings new services that improve productivity and reduce cost of production
- Real ROI - an independent customer study found approximately $700,000 savings per site over a 5 year period.

Business Benefits

Cisco Secure Ops delivers a wide range of benefits across the organization:

- Business leaders gain situational awareness for security maturity and compliance within various parts of the business.
- Site leadership and management benefit from reduced management complexity and increased consistency across individual sites, leading to optimized operational costs.
- Site technical leaders are provided with a technical solution to help manage security and compliance on a per-site basis as well as valuable tools to increase it through standardized interfaces and capabilities.
- Corporate risk and compliance leaders receive near real time information on operational risks associated with cybersecurity threats and adherence to compliance policies.
Business Results

Cisco Secure Ops Solution provides critical infrastructure security as-a-service, and customers who implement the solution have experienced:

- A consistent, integrated solution for addressing security and other risks found in the process control domain
- Increased site productivity and significantly lower operational costs
- Improved, and in some cases, automated compliance

Solution Components

Cisco Secure Ops is comprised of tightly integrated Cisco and third party products and services, and is unique in several ways:

- It is designed to be dropped into the DMZ, between the enterprise and process control domains.
- The solution has been architected to be easily deployed in either existing or new environments.
- The integration goes beyond the technology, and extends into commercial arrangements with automation suppliers for services like qualified patches and anti-virus updates.
- Cisco delivers Secure Ops as a service, including future-proofing for flexibility.

Key features include:

- Situational awareness dashboards (network status, access/inventory management, security compliance and assurance)
- High-availability infrastructure (for system-to-system and user-to-system connectivity)
- Secure process control access
- Asset discovery and inventory
- On-premise backup/restore capabilities
- Automated Windows and automation vendor qualified patches
- Automated signature update, approved by automation suppliers
- Automated, daily log collection and management
- Globally supported 24 hours a day, 365 days a year using a follow the sun support model
- Proactive performance and fault monitoring
- Global security incident response and monitoring services
- Security event correlation and incident notifications
- Network availability and performance monitoring and reporting

Cisco Secure Ops Services

SecureOps consists of a SecureCenter and SecureSite. SecureCenter Services include:

Table 1. Description of SecureCenter Services

SecureCenter
Data Center Planning, Design, Implementation - HLD, LLD, etc.
Customer Hosted
Customer Hosted, Cisco Managed
Cisco Owned & Managed (Virtual Cloud)
Cisco Virtual Cloud (Hosted)
Operational Readiness Testing
Application Monitoring Services
Services Transition/Activation
Technology/Architecture
High-level Architecture Build
Customer Selected, Cisco Validated
Virtual Cloud
Identity Services/Policy Management
Service Operations
Incident Management
Break/fix
3rd Party Escalation Management
Situation Management (Critical Issue with Defined Process)
Problem Management
Change Management
Customer Requested Policy Updates (Standard Changes)
Firmware updates
Maintenance Window Management & Release Planning
Track Change History
Business Continuity Plan (BCP)
Disaster Recovery
Service Management
Service Levels Reporting
Tracking and Demand Generation
Business Level Escalations
Service Upgrade Management
Ticketing Integration/E-bonding
Services Dashboard
Services Catalogue
Solution Management
Solution Evergreening/Lifecycle Management
Core Solution Architecture Validation Through ORT
Customer Environment Validation Through ORT
Network Optimization Services (Secure Ops Scope)
Solution Roadmap Reviews (4 annually)
Detailed Release Planning
Supplier Management
Sandbox Monitoring for Testing
Configuration Management
Asset Reporting
Asset Management
Security Bundle
Password Change Management
Two Factor Authentication
Security Monitoring
PCN Access
PCN Host Asset inventory/compliance
Anti-virus Management
OS & Automation Supplier Patch Management
Access/Inventory Management & Status Dashboard
Situational Analysis Dashboard (PCN/IT Network Status)
Compliance Reporting & Dashboard
Log collection and Management
Identity Services and Policy Management
Vulnerability Scans
Advanced Malware Detection
Cyber Threat Defense (Managed Threat Defense)
Backup/Recovery & Redundancy
VM Replication, Backup and Restore
Geo-Redundancy
Service Levels
Service Window: 7x24 | 7x24
Time to Notify (TTN)
Time to Respond (TTR)
Change Management Success Rate
Remote Service Restoration: 4 elapsed hours | 4 elapsed hours
Service Availability
Standard Request (% Completed w/o Error)
Depends on Service Provider SLA
Depends on Service Provider SLA
99.90%
>= 99.75%
Aged ticket analysis
% Problem Ticket Raised
% Problems with Root Cause Found
% of Problems w/o Root Cause Found
% of Problems Resolved
Service Reliability (Clean Days)
Operational KPI Report
Service Request Fulfilled Report

The following table illustrates the services provided for each SecureSite, based on service tier.

Table 2. SecureSite - Service Tiers, Levels, and Service Window

SecureSite | Standard | Enhanced | High

SecureSite - PDI - HLD, LLD and implementation
Services Transition/Activation
Service Request Management
Site Survey
Order Equipment (Site Instantiation)
Device Staging/Provisioning
Build, Configure and Test
Hand Over
Technology/Architecture
High-level Architecture Build: Standard High Availability Connectivity Design | High Availability Connectivity Design + Active: Standby | High Availability Connectivity Design + Active: Active
Identity Services/Policy Management
Physical Security & Safety
Wi-Fi
3G/4G
Service Operations
Incident Management
Break/fix
3rd Party Escalation Management
Situation Management (Critical Issue with Defined Process)
Problem Management
Change Management
Customer Requested Policy Updates (Standard Changes)
Firmware updates
Maintenance Window Management & Release Planning
Track Change History
Service Management
Service Levels Reporting
Tracking and Demand Generation
Business Level Escalations
Service Upgrade Management
Services Catalogue
Ticketing Integration/E-bonding
Services Dashboard
Solution Management
Solution Roadmap Reviews (4 annually)
Core Solution Architecture Validation
Sandbox Monitoring for Testing
Solution Evergreening/Lifecycle Management
Customer Environment Validation
Network Optimization Services (Secure Ops scope)
Supplier Management
Detailed Release Planning
Configuration Management
Asset Management
Asset Reporting
Security Bundle
L3/L4 Firewall Management (Sites)
Password change Management
Two Factor authentication
Security monitoring
PCN Access
Network segmentation
PCN Host Asset inventory/compliance
Anti-virus Management
OS & Automation Supplier Patch Management
Log collection and Management
Identity Services and Policy Management
L2/L3 Firewall Management (Sites)
Vulnerability scans
Cyber threat defense (Managed Threat Defense)
Advanced Malware Detection
Intrusion Detection (IDS)
White & Black Listing
Intrusion Protection Signatures (IPS)
Backup/Recovery & Redundancy
VM Replication and Data Backups (Site level)
Service Levels
Service Window: 5x8 | 7x24 | 7x24
Time to Notify (TTN)
Time to Respond (TTR)
Change Management Success Rate
Deployment Period (3 Months or Less)
Remote Service Restoration: 8 business hours | 8 elapsed hours | 4 elapsed hours
Service Availability: 98.50% 99.50%
Standard Request (% Completed w/o Error): >=90% >=95%
Aged ticket analysis
% Problem Ticket Raised
% Problems with Root Cause Found
% of Problems w/o Root Cause Found
% of Problems Resolved
Service Reliability (Clean Days)
Operational KPI Report
Service Request Fulfilled Report
Training
PCN IT Teams Remote Training (Twice/Annually)
Cisco Services

Cisco Services helps to ensure that your expectations are met completely from planning to building and implementing your solution. Consult with Cisco Services to maximize your return on investment and achieve your goals in every phase of your project, even after deployment.

For More Information

For more information about Cisco Secure Ops, please ask your account manager or visit the Cisco oil and gas website: http://www.cisco.com/web/strategy/energy/eternal_oil.html.

Printed in USA C02-732102-00 07/14