CISCO BORDERLESS NETWORKS 2009 Cisco Systems, Inc. All rights reserved. 1
Creating New Business Models The Key Change: Putting the Interaction Where the Customer Is Customer Experience/ Innovation Productivity/ Operating Expense Acquire and retain customers 1 2 Manage customer relationships 2 Lower company operating costs Drive innovative new market offering/ biz practices Improve quality of products and services Improve workforce productivity Support globalization Source: Forrester Report State of the CIO Agenda January 2009: 600 Business/506 IT Executives 2009 Cisco Systems, Inc. All rights reserved. 2
Driving the Transformation Mobile Devices IT Resources 1.3 Billion New Networked Mobile Devices in Next 3 Years Mobility Video Workspace Experience 60% of All Cisco Network Traffic Today Is Video Healthcare Data Blurring the Borders : Consumer Workforce; Employee Partner 2009 Cisco Systems, Inc. All rights reserved. 3
Changing Environment; Shifting Borders Location Border Mobile Worker IT Consumerization External-Facing Apps Internal Apps Device Border Application Border Video/ Cloud IaaS,SaaS 2009 Cisco Systems, Inc. All rights reserved. 4
Cisco s Architecture for Borderless Network Security (Access Control, Acceptable Use, Malware, Data Security) Applications and Data Infrastructure as a Service X as a Service Software as a Service 3 2 Borderless End Zones Platform as a Service Borderless Internet Corporate Border Borderless Data Center 4 Policy Policy 1 Corporate Office Branch Office Home Office Airport Mobile User 2009 Cisco Systems, Inc. All rights reserved. Attackers Partners Customers Coffee Shop 5
Pillar 2: Borderless Security Array Advanced Scanning and Enforcement Capabilities Cisco Adaptive Security Appliance Cisco Integrated Services Routers Cisco IronPort Web Security Appliance Cisco IronPort Email Security Appliance Access Control Acceptable Use Data Security Threat Protection Integrated into the Fabric of the Network VM Software Appliance Security Module Hybrid Hosted 2009 Cisco Systems, Inc. All rights reserved. 6
Management Email Security Architecture Cisco IronPort C-Series INBOUND SECURITY Spam Defense Virus Defense MAIL TRANSFER AGENT CISCO IRONPORT ASYNCOS EMAIL PLATFORM OUTBOUND CONTROL Data Loss Prevention Secure Messaging 2009 Cisco Systems, Inc. All rights reserved. 7
Anti-Spam Defense Multi-layer architecture Very positive score: messages are delivered SenderBase Reputation Filtering IronPort Anti-Spam Suspicious Score Who? Verdict How? Where? What? 90% of messages stopped Very negative score: TCP connection is rejected > 99% Catch Rate < 1 in 1 million False Positives 2009 Cisco Systems, Inc. All rights reserved. 8
Cisco IronPort E-Mail Encryption Easy for the sender Gateway encrypts message Message pushed to Recipient User opens IronPort PXE in browser Key Stored Password Decrypted message displayed User authenticates & gets message key Cisco Registered Envelope Service 2009 Cisco Systems, Inc. All rights reserved. 9
Cisco IronPort S-Series A Powerful, Secure Web Gateway Solution Most effective defense against web-based malware Visibility and control for acceptable use and data loss High performance to ensure best end-user experience Integrated solution offering optimum TCO Management and Reporting Acceptable Use Policy Malware Defense Data Security AsyncOS for Web 2009 Cisco Systems, Inc. All rights reserved. 10
Next-Generation Secure Web Gateway Consolidation Drives Operational Efficiency Before IronPort After IronPort Internet Internet Firewall Firewall Web Proxy and Caching Anti-Spyware Anti-Virus Anti-Phishing Cisco IronPort S-Series URL Filtering Policy Management Users Users 2009 Cisco Systems, Inc. All rights reserved. 11
Multi-Layered Malware Defense Protection Against Today s Threats Layer 4 Traffic Monitor Web Reputation Filters Dynamic Vectoring and Streaming Engine Detects malicious botnet traffic across all ports Blocks 70 percent of known and unknown malware traffic at connection time Blocks malware based on deep content analysis 2009 Cisco Systems, Inc. All rights reserved. 12
Gartner says... 2009 Cisco Systems, Inc. All rights reserved. 13
Advanced, Proactive Threat Protection Cisco Security Intelligence Operations Global Threat Telemetry Global Threat Telemetry Cisco SensorBase Threat Operations Center Advanced Algorithms 8:10 GMT All Cisco Customers Protected Ad Agency HQ in London ISP Datacenter in Moscow Bank Branch in Chicago 8:00 GMT Sensor Detects New Malware 8:07 GMT Sensor Detects New Botnet 8:03 GMT Sensor Detects Hacker Probing Higher Threat Coverage, Greater Accuracy, Proactive Protection Presentation_ID 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 14
SensorBase Depth of Coverage Threat Intelligence 700,000+ global sensors Historical library of 40,000 threats 30% of global email and web traffic 500 third-party feeds, 100 news feeds, open source and vendor partnerships Benefits 360 degree dynamic threat visibility Understanding of vulnerabilities and exploit technologies Visibility into highest threat vehicles Latest attack trends and techniques Over 1000 servers process over 500GB of threat data per day 2009 Cisco Systems, Inc. All rights reserved. 15
Threat Operations Center Security Expertise Researchers and Analysts 500 analysts and White Hat engineers 80+ PhDs, CCIEs, CISSPs, MSCEs Human-aided rule creation and QC Penetration testing, botnet infiltration, malware reverse engineering, vulnerability research 24 x 7 x 365 operations in five centers 95% of Internet languages covered Benefits Network security best practices and mitigation techniques Insight into threat trends and future outlook Quality assurance, reduced false positives Around-the-clock global coverage 2009 Cisco Systems, Inc. All rights reserved. 16
Powering Cisco Security Products and Services Cisco SIO: Threat Identification, Analysis, and Automated Defense Live Reputation Scores New and Updated Signatures Authored and Dynamic Rule Sets Auto-Updates Every 5 Minutes Customized Alerts Every 5 Minutes Security Filters: Industry s Most Effective Security Features Virus Outbreak Filters Anti-Spam Email and Web Reputation Filters IPS Reputation and Signature Filters Firewall Botnet Traffic Filters Alert Aggregation Filters Cisco Products and Services: Proactive Protection, High-Performance www Adaptive Security Intrusion Prevention Web Security Email Security Hosted Email Security Service Modules Alert Services 2009 Cisco Systems, Inc. All rights reserved. 17
Migration to the Cloud: Opposing Pressures Financial Resources Predictable Op-Ex Security Privacy Reliability Accelerators Inhibitors Operational Maintenance Datacenter footprint Control Management Visibility 2009 Cisco Systems, Inc. All rights reserved. 18
The Cisco Approach Hybrid in Action Reporting Tracking Administration SensorBase Malware Filtering Cloud DLP On-Premise Seamless Security Deployment Policy definition and enforcement Simplified Management Co-Governance Unified View Visibility, reporting and tracking On-Premise Message Encryption On-Premise Malware Filtering 2009 Cisco Systems, Inc. All rights reserved. 19
Flexibility Unified Reporting and Tracking Benchmark Company vs. Industry Trends Message and User Tracking Unified View With On-premise Reports Insight To Refine Policy To Address Business Needs 2009 Cisco Systems, Inc. All rights reserved. 20
Accelerating Cisco s Cloud Security Vision Complementary Capabilities Endpoint footprint Powerful enforcement engines Network integration Identity Threat protection Proven multi-tenant cloud platform Global footprint Hosted operations Zero day threat protection Service provider enablement Accelerating Cisco s Borderless Security Vision Persistent Security Advanced Scanning Hybrid SaaS Intelligent Policy 2009 Cisco Systems, Inc. All rights reserved. 21
2009 Cisco Systems, Inc. All rights reserved. 22