Ci S it Cisco Security
Cisco S Ci Security it IntelliShield Alert Manager Service How to Sell to End-Customers End Customers Cisco Confidential © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1 Agenda Security Challenges Today Cisco Lifecycle Services Framework Cisco Security IntelliShield Alert Manager Service Sales Tactics and Competition Pricing and Engagement Model Resources © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2 Vulnerability Management : A Process “Vulnerability management is a set of processes and technologies that are used to establish and maintain a security configuration baseline; discover, prioritize, and mitigate exposures; establish security controls; and eliminate root cause cause.” –Gartner Discover all assets across the network Establish process, standards and guidelines Assign business values to assets Discovery Review for policy compliance Policy and Compliance Asset Prioritization Vulnerability Management Verification Measure impact of security decisions and actions Assessment and Analysis P t ti Protection and d Remediation Enforce policies and implement mitigation Determine risk based on threat and vulnerability data correlated with asset prioritization Deliver proactive threat intelligence and reporting Block intrusions in real-time © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 3 CSO Security Challenge Protect the business from security threats P Pressure on resources, security requirements, and budget g • Receive early warning on threats • Gain visibility into risk posture • Prioritize actionable safeguards Reduce the total cost of ownership for security • Reduce patching / remediation costs • Reduce threat data overload and “firedrill” response • Enable self-defending security solutions Security Requirements C t Cost Meet regulatory and compliance requirements Budget • Protect private data and loss from data leakage • Enable security to achieve and maintain compliance © 2007 Cisco Systems, Inc. All rights reserved. Time Cisco Confidential 4 Faster and Newer Threats Need New Solutions Anti-Virus Updated Anti-Virus Updated Virus and Vi d Worm W Mitigation? Spyware? Location L ti or UserU based Policies? Trojans? OS Patch Added OS Patch Added Blended Threats? © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 5 Cisco Lifecycle Approach to Security Service and Support Coordinated Planning and Strategy Make sound investment decisions Prepare Assess Readiness Operational Excellence Adapt to changing security requirements Maintain Security Health Plan Optimize Cisco® Partner Customer Operate Security assessments and architecture reviews to determine preparedness Design the Solution Design Manage, resolve, Manage resol e repair, replace Implement Products,, service,, and support aligned to security requirements Implement Solution Integrate without disruption or introducing vulnerabilities © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 6 Cisco Security Services Portfolio Security management, monitoring and response MANAGED SECURITY SERVICES SECURITY CENTER Integrated Access to Intelligence and Applied Mitigation Techniques Advanced security services delivering INTELLIGENT INFORMATION SERVICES Evaluate Reduced Business Risk Preventative Protection Threat and Event Management Compliance Management Integrated security as fundamental to the network Detect Manage Prevent ADVANCED TECHNOLOGY CONSULTING SERVICES FOUNDATIONAL SECURITY SERVICES © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 7 The Need for Proactive Threat Management IntelliShield Return on Investment Before Processes After IntelliShield Alert Manager “Fire-drill” response lacks workflow Ad-hoc search for security intelligence People Manual approach Multiple audiences Lack L k off coordination di ti Technologies Too many vendors Too much data Little integration Wasted Resources Lack of Visibility S bj ti Risk Subjective Ri k Scores S and d Inconsistent Reporting © 2007 Cisco Systems, Inc. All rights reserved. Potential Monthly Threats 1,500 Alerts Generated by IntelliShield Team 600 Filtered by Your Customized IT Profile 30 Events Requiring Immediate Client Action 6 Shorten Time to Resolution Avoid Sifting Through Irrelevant Information Customized to Your Environment Cisco Confidential 8 Sources of Security Intelligence Cisco STAT NIST CERT SANS Cisco RMS Incident Response Groups Internal Security Research Cisco CSIRT Cisco IronPort Full Disclosure External Security Research Internal S Security it Research BugTraq Cisco Applied Intelligence Cisco PSIRT OSVDB © 2007 Cisco Systems, Inc. All rights reserved. Cisco IPS Cisco Confidential 9 Cisco Security Intelligence Leadership Global Reach,, 24x7 Responsiveness p IntelliShield Alert Manager Applied Intelligence Comprehensive, primary vendorvendor agnostic research, analysis, and alerting Experts p with deep p security y knowledge g deliver threat mitigation procedures for Cisco products Computer Security Incident Response Team (CSIRT) Product Security Incident Response Team (PSIRT) Threat assessment, incident detection and response, and incident trending and analysis Global team managing the investigation and reporting of vulnerability information for Cisco products IPS Signature Team Security Technologies Assessment Team (STAT) Vulnerability research and IPS signature-writing experts for Cisco IPS detection capabilities Security Remote Management Services (RMS) Comprehensive monitoring, issue resolution, and 24-hour management of advanced security solutions © 2007 Cisco Systems, Inc. All rights reserved. Actively evaluate Cisco products for vulnerabilities and drive security best practices Ironport Real time tracking of email and web Real-time threat activity providing protection for fighting spam, viruses and blended threats Cisco Confidential 10 IntelliShield Service Overview Global Source Network Security Intelligence Operations Customized Notification, Tasking, Auditing, Reporting Security Organizations Product Vendors Government Sources Antivirus Vendors Fused and Filtered Intelligence on Vulnerabilities, Malicious Codes, S Security i Trends T d Collect and Evaluate Analyze and Correlate Disseminate Mailing Lists Cisco Security Research © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 11 Cisco Security IntelliShield Alert Manager Service What Provides timely timely, detailed intelligence and alerting on threats and vulnerabilities For Organizations that need proactive proactive, early warning on emerging threats, vulnerabilities, and safeguards Val e Value ¾Proactive discovery and notification of vulnerabilities g on the impacted p ¾Intelligence applications and associated patches ¾Faster remediation of potential vulnerabilities ¾Avoid potential security outbreaks and associated costs © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 12 Cisco Security IntelliShield Alert Manager Features and Benefits FEATURES BENEFITS Vendor-agnostic vulnerability and threat intelligence Comprehensive analysis including security vulnerability, malicious code and security trends across vendors and products Proactive, timely intelligence alerting Provides continuous protection by helping IT staff act proactively through early warning of new threats and vulnerabilities Customized alerts graded on a standardized risk rating system Speed decision-making through targeted alerts relevant to your network that are rated on urgency, credibility and severity Customized notification via email, pager, SMS Manage IT staff resources through customized alert delivery and notification thresholds based on products and ratings Searchable alert database of over 14 000 th 14,000 threats t and d vulnerabilities l biliti Speed identification of threat, vulnerability and safeguard analysis with ith extensive t i iintelligence t lli d data t th thatt iis ffully ll iindexed d d and d searchable h bl Recommended safeguards and mitigation techniques Faster remediation of potential vulnerabilities relevant to your environment Tasking and workflow management to track remediation Manage decision support and remediation tasks to ensure timely resolution c © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 13 Cisco IPS Signature Correlation With IntelliShield Alerts IntelliShield Alert Manager Security y Intelligence g Services Cisco Services for IPS c IntelliShield Alerts f new for Vulnerabilities IPS Signature U d t Updates Comprehensive support for Cisco IPS solutions combining signature file updates with SMARTnet IPS Signature Correlation with IntelliShield Alerts Cisco Services for IPS customers receive: Access the latest vulnerabilities and threats with correlated Cisco IPS Signature information: signature name name, signature ID, release version, and release date Full access to the IntelliShield Search Access feature to search for alerts related to IPS signatures © 2007 Cisco Systems, Inc. All rights reserved. Ability to search comprehensive database of Cisco IPS Signature information Cisco Confidential 14 IntelliShield Alert Manager Sample Alert • Strategic Intelligence • Actionable and Operational • Vendor-Agnostic • CVE/CVSS Compatible • Consistent Risk Ratings • Cisco IPS Si Ci Signature t Correlation • Life Cycle Reporting • Customized “Smart Filters” © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 15 Cisco Security Center 2.0 Inform, Protect, Respond www.cisco.com/security Event-based, early-warning y intelligence g security Proven Cisco mitigation solutions help protect networks Real-time threat activity tracking and trend analysis Security best practice guidance What's New Event-driven alerts and reporting Comprehensive alert analysis and mitigation techniques Real Real-time time email threat, threat virus, virus and SPAM tracking and trending IntelliShield Cyber Risk Report Podcast for global security trends E Easy access to t comprehensive h i security best practice guidance © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 16 IntelliShield Selling Tips Sales Nuggets Vendor-neutral research and analysis Opportunity to upsell Cisco security products and services Proactive alerting and risk assessment based on the knowledge of the customers network 30% of IntelliShield customers are financial firms Traps Some competitors bundle their services with other security products, and offer heavy discounts Symantec y alone offers full integration with Remedy Large enterprise customers note that Secunia is consistently the most competitively priced in the market Watch out for… Threat of commoditization co od a o o of security Intelligence due to free online information y intelligence g is Security perceived as a cost center subject to persistent cost reduction pressures Distribution restrictions within company on alerts limit usefulness of service IntelliShield Alert Manager provides near real-time threat and vulnerability information and actionable remediation advice that leverages g our global security insight. © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 17 Target g Customer Profile and Qualification Target Market Large organizations with remote users and offices Target g Verticals: Finance (30% of sales), Technology (16% of sales), Utilities (10% of sales), Health (7% of sales) sales), and other (37% of sales) MSSP’s that either want to serve as security administrators to end customers and / or want to integrate IntelliShield feed into their overall managed security offer Target Prospects H Have th the F Following ll i Pressing Needs Customers that have invested in: –Host and network-based scanning products –Patch management products –Vulnerability data aggregators (Pseudo-SIM) –Security intelligence products More sophisticated customers tend to purchase various security intelligence feeds Customers that want to reduce their spending on patching and remediation efforts © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential Keyy Decision Makers and Buyers Technical manager or business unit manager that has responsibility for the security posture of an organization Internal Information Security group that can understand the financial risk of not patching, t hi as wellll as th the cost of doing internal vulnerability research 18 Qualifying y g Questions For Business Buyer Do you know which vulnerabilities present the greatest threat to your environment and which of your assets are at risk? For Technical Buyer Do you use a security intelligence tool today? If yes, what are you challenges? Do you know the potential business impact of a malware in your infrastructure? Were you affected by Zotob, Slammer, or any of the recent worms that exploited known vulnerabilities? If so, how much time did it take to restore mission critical applications? How much do you spend annually on patching and remediation? What is your goal for reducing that cost? Do you typically correlate IPS signatures with the latest vulnerabilities and threats reported by a security intelligence tool? What data sources are you using today for risk and vulnerability information? Are you able to easily distill information that is relevant to you? How much time does your team spend looking for potential threats and vulnerabilities? © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 19 How Does This Service Compare to the Competition? Alert Information 25 % Alert Delivery 25% Alert Management Coverage 25% Total Score DeepSight Alert Service 5 5 4.5 5 4.88 IntelliShield 5 3.5 4.5 5 4.5 Security Manager 3 3 3 5 3.5 ThreatFocus Diligence 4 2.5 3.5 3.5 3.38 SecurityTracker 2 4 3 4.5 3.38 Security Mob 2 3.5 3 2.5 2.75 E-Secure-IT 1.5 2.5 2.5 4 2.63 The Breakdown Source: NetworkWorld © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 20 Key Differentiators Built specifically to your customer needs –Alerts are customized, formatted, objective, vendor-neutral, d t l and d graded d d on a standardized t d di d risk rating system –Customers can define notifications based on grading of alert as well as by technology platform –Cisco Security analyst’s recommendations included on many alerts Seamless integration within Cisco’s portfolio –Integration of IntelliShield Alert Manager into Cisco products, pushing security services deeper in the enterprise Cisco Security y Research Leadership p –IntelliShield leverages security research and mitigation processes from a broad range of internal and external sources –IntelliShield IntelliShield brand is well perceived among those who are using the service © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 21 Service Pricing g and Engagement g g Model Description Use Case Price Security y IntelliShield Alert Mgr: g 2 Registered User and 5 Virtual Users Base Packaged-New g Sales: 2 Registered Users and 5 Virtual Users $11,500 Security IntelliShield Alert Mgr: 5 Registered User and 100 Virtual Users Small Site License: 5 Registered Users and 100 Virtual Users $55,000 Security IntelliShield Alert Mgr: 10 Registered User and 150 Virtual Users Large Site License: 10 Registered Users and 150 Virtual Users $80,000 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 22 Value to the Partner What is the program? ? A flexible engagement model for regional and national Value Added Resellers (VARs) with managed service practices Partner can leverage the Partner portal, Cisco Security Center, escalation support, remediation procedures, tailored security intelligence feed, and differentiated managed services What is the value? Enable partners to expand their security services portfolio and capabilities with reduced up-front investment Provide partners with a way to improve profitability and grow revenue within their security business Grow attach rate of service to Cisco security products partner resells © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 23 Tools and Resources IntelliShield Alert Manager (customerfacing) http://www.cisco.com/go/intellishield IntelliShield Alert Manager Portal (customer login req requires ires username sername and pass password) ord) https://intellishield.cisco.com Cisco Security IntelliShield Alert Manager S i D Service Description i ti / E End dU User Li License Agreement http://www.cisco.com/legal/services.html Partner Central http://www.cisco.com/en/US/partner/produc ts/ps6834/serv_group_home.html © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 24 Cisco Security IntelliShield Alert Manager Summary Market leading security intelligence Reduce costs of patching and remediation Sign up ffor a 90Si 90 day trial today Security Intelligence Services For a 90-day trial www.cisco.com/go/intellishield/trial Cisco Security Center www.cisco.com/go/security © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 25 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 26 IntelliShield Pricing and Part Numbers Product ID Description Use Case Services Part # (Direct) Price CSAM-1V Security Intellishield Alert Mgr- 1 Add-on Virtual User 1 Add-on Virtual User Con-IAM-1V $630 CSAM-1R Security Intellishield Alert Mgr- 1 Add-on Registered User 1 Add-on Register User Con-IAM-1R $5,100 CSAM-1R-1V Security Intellishield Alert Mgr- 1 Registered User and 1 Virtual User Minimum Pkg—Use for Renewals; 1 Registered User, 1 Virtual User CON-IAM-1R-!V $5,100 CSAM-2R-5V Security Intellishield Alert Mgr- 2 Registered User and 5 Virtual Users Base Packaged-New Sales; 2 Registered Users and 5 Virtual Users CON-IAM-2R-5V $11,500 Securityy Intellishield Alert Mgr— g 5 Registered User and 100 Virtual Users Small Site License; 5 Registered g Users and 100 Virtual Users CON IAM 5R 100V CON-IAM-5R-100V $55 000 $55,000 Security Intellishield Alert Mgr— 10 Registered User and 150 Virtual Users Large Site License; 10 Registered Users and 150 Virtual Users CON-IAM-10R-150V $80,000 Security Intellishield Alert Mgr— XML Feed—5 Registered User and 100 Virtual Users XML Feed—Small Site License 5 Regerstered Users and 100 Virtual Users CON-IAM-5R-100VX $80,000 Security Intellishield Alert Mgr— XML Feed—5 Registered User and 150Virtual Users XML Feed—Large Site License 10 Regerstered Users and 150 Virtual Users CON-IAM-10R-150VX $130,000 Security Intellishield Alert Mgr— Variable User Numbers OEM Deals or Large g Custom Quotes CON-IAM-CUSTOM Renewals CON-IAM-1 CSAM 5R 100V CSAM-5R-100V CSAM-10R-150V CSAM-5R-100VX CSAM-5R-150VX CSAM-Custom © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential Custom Total Value 27
© Copyright 2025