2. Table of Contents: Problem; <SP/SI/VAR Name> Managed Services; Consequence; Solution; Why <SP/SI/VAR Name>?; Next Steps; Success Stories
5. Consequence: The Consequences of Unchecked Attacks
Real incidents (Source: Privacy Rights Clearinghouse, www.privacyrights.org): Visa, Ameritrade, Oracle, MasterCard, EBay
Each row reads: impact on business / loss / real incident / what your business needs
- Revenue Lost / Lost: $625 Million in Sales / Network Breach / Prevent Network Breaches
- Costs Increase / Lost: $2 Million in Fines / 200,000 Customers’ Data Stolen / Ensure Compliance With Law
- Intellectual Property Theft / Lost: Market Share / Software Source Code Stolen / Ensure Data Confidentiality
- Brand Tarnished / Lost Customers / Data on 40 Million Cards Stolen, Changed / Prevent Public Relations Disaster
- Customer Confidence / Lost Customers / 4-Hour Web site Outage / Ensure Data Availability at All Costs
6. Consequence: The Consequences of Unchecked Attacks
Real incidents (Source: Privacy Rights Clearinghouse, www.privacyrights.org): Visa, Ameritrade, Oracle, MasterCard, EBay
Each row reads: impact on business / loss / real incident / what your business needs / security property
- Revenue Lost / Lost: $625 Million in Sales / Network Breach / Prevent Network Breaches / Confidentiality
- Costs Increase / Lost: $2 Million in Fines / 200,000 Customers’ Data Stolen / Ensure Compliance With Law / Integrity, Confidentiality
- Intellectual Property Theft / Lost: Market Share / Software Source Code Stolen / Ensure Data Confidentiality / Confidentiality
- Brand Tarnished / Lost Customers / Data on 40 Million Cards Stolen, Changed / Prevent Public Relations Disaster / Integrity, Confidentiality
- Customer Confidence / Lost Customers / 4-Hour Website Outage / Ensure Data Availability at All Costs / Availability
7. Solution: Security Layer One – Secure Network Foundation
[Diagram: Headquarters, Data Center, and Large Branch connected over an MPLS VPN (Private Network).]
Protection Layer: Network Foundation. Managed Service: MPLS IP VPN. Benefits: Data / Voice Secure.
8. Solution: Security Layer Two – Secure Perimeter
[Diagram: Headquarters, Data Center, and Large Branch on the MPLS VPN (Private Network); Small Branch, SOHO, and Mobile Worker connected by VPN over the Internet (Public Network).]
Protection Layers: Network Foundation; Perimeter; Internet Remote Access.
Managed Services: MPLS IP VPN; Security – Firewall; Security – IPS / IDS; IPSec VPN, Internet Access.
Benefits: Data / Voice Secure; Attacks Prevented, Spoofing Blocked, Bandwidth Optimized.
9. Solution: Security Layer Three – Secure Local Area Network
[Diagram: the Layer Two network with NAC added at Headquarters, Data Center, Large Branch, Small Branch, SOHO, and Mobile Worker.]
Protection Layers: Network Foundation; Perimeter; Internet Remote Access; LAN.
Managed Services: MPLS IP VPN; Security – Firewall; Security – IPS / IDS; IPSec VPN, Internet Access; Network Admission Control.
Benefits: Data / Voice Secure; Attacks Prevented, Spoofing Blocked, Bandwidth Optimized; Illegal access prevented, Standards Enforced.
10. Solution: Security Layer Four – Secure Host
[Diagram: the Layer Three network with Endpoint Protection added at each site alongside VPN and NAC.]
Protection Layers: LAN; Network Foundation; Perimeter; Internet Remote Access; Host.
Managed Services: Network Admission Control; MPLS IP VPN; Security – Firewall; Security – IPS / IDS; IPSec VPN, Internet Access; Security – IPS / IDS (Host).
Benefits: Illegal access prevented, Standards Enforced; Attacks Prevented, Spoofing Blocked, Bandwidth Optimized; Data / Voice Secure; Internal or Host Based Threats.
11. Solution: Benefits – Data Confidentiality, Integrity, Availability
[Diagram: the full layered network (VPN, NAC, and Endpoint Protection at each site) with the protection layers labeled Confidentiality, Integrity, and Availability.]
Protection Layers: LAN; Network Foundation; Perimeter; Internet Remote Access; Host.
Managed Services: Network Admission Control; MPLS IP VPN; Security – Firewall; Security – IPS / IDS; IPSec VPN, Internet Access; Security – IPS / IDS (Host).
Benefits: Illegal access prevented, Standards Enforced; Attacks Prevented, Spoofing Blocked, Bandwidth Optimized; Data / Voice Secure; Internal or Host Based Threats.
12. Solution: Security Layer Five – Management & Control
[Diagram: the Network surrounded by Policies, Processes, & Reporting.]
Benefits:
- Consistent policy enterprise wide
- Future-proof architecture
- Single point of control
- Value quantified through measurement
- Clear reporting for compliance
13. Solution: Security Layer Five – Management & Control
Control Vs Convenience Tradeoff
[Diagram: the Network surrounded by Policies, Processes, & Reporting; the Degree of Control ranges from completely managed to completely in-house, trading Control (Policy & Process) against Convenience (Training & Headcount) according to your risk comfort level.]
And as a managed service you decide…
14. Solution: Benefits – Data Confidentiality, Integrity, Availability
[Diagram: the full layered network, with the Cisco Integrated Services Router combining VPN, NAC, Firewall, Intrusion Prevention, and Network Foundation.]
Protection Layers: LAN; Network Foundation; Perimeter; Internet Remote Access; Host.
Managed Services: Network Admission Control; MPLS IP VPN; Security – Firewall; Security – IPS / IDS; IPSec VPN, Internet Access; Security – IPS / IDS (Host).
Benefits: Illegal access prevented, Standards Enforced; Attacks Prevented, Spoofing Blocked, Bandwidth Optimized; Data / Voice Secure; Internal or Host Based Threats.
Editor's Notes
The business network, the backbone of any business today, must be secured from threats and attacks. Incidents of security breaches have been widely publicized by leading media outlets, much to the embarrassment of companies large and small. These breaches and attacks can affect your business in the following fundamental ways:
- Inability to transact business due to network disruption leads to loss in sales
- Penalties and lawsuits resulting from non-compliance can increase the cost of doing business
- Theft of intellectual property can undermine your ability to maintain sustained competitive advantage
Network-based attacks on business devices and data resources are increasing in frequency and constantly evolving in complexity.
- New computing models based on emerging technologies such as Web 2.0, virtualization, and service-oriented technology environments are harder to protect
- Security organizations are increasingly being asked to demonstrate the real-world business value of security initiatives
And protecting against attacks requires large investments in personnel, expertise, and time. This is not a core activity of your business.
What are the consequences of unsecured networks? They put at risk the very ability to run your business, grow your business, and maintain your customer base. This is a summary of real incidents based on network security breaches and the impact on these businesses. Your business needs the ability to cost-effectively protect its mission-critical IT systems, information assets, and processes against threats without any impact on day-to-day operations.
The above examples, and all network security needs in general, can be categorized under the three broad categories of the widely accepted security model called ‘The CIA Triad’:
- Data Confidentiality
- Data Integrity
- Data Availability
How do you achieve Data Confidentiality, Integrity, and Availability in your network? Let’s start with a typical network:
- The headquarters is connected to a large branch and to the data center through a private network
- Threats to a network come from a combination of internal and external sources
Therefore, a security solution needs to adopt a layered approach ensuring comprehensive protection.
The first layer involves applying Network Foundation protection. This is achieved by adding an MPLS IP VPN solution for secure connectivity between one or more branches, the data center, and the headquarters.
Now let’s add Internet access to the existing network to connect a small branch, a small office/home office, and a mobile worker. This addition requires protection at the perimeter. The second layer of security is achieved by adding firewalls, intrusion prevention systems, IPsec VPNs, and secure Internet access to the Network Foundation layer. Secure perimeter protections optimize and safeguard the bandwidth available within the network and enable the proactive management of internal as well as external threats by protecting against:
- IP spoofing
- Malware attacks
- Denial of service attacks
- Access via the use of unknown protocols
- Attacks originating from within the network
Employees who connect their personal laptops to the network and individuals who are granted guest access may become serious security threats if their laptops lack antivirus protection or if the latest antivirus patches have not been applied. The third layer of security protects local area networks against the most common causes of malware infection:
- Client devices that lack current signature files
- Unmanaged client devices accessing the network
LAN security for insecure and unmanaged client devices is achieved by adding a Network Admission Control (NAC) solution to control network access for these devices. The NAC solution allows for policy-based screening of devices connected to the network, thereby covering threats resulting from human errors and network misconfiguration.
The fourth and final layer of security is at the host level. It involves behavioral inspection of the host’s activities to look for anomalies at the execution level, application level, and operating system level. This layer protects against attacks from:
- Infected media inserted into a secure device
- Vulnerabilities in common applications such as Microsoft Word, Internet Explorer, etc., as exploited by hackers
- Hostile code that attempts to create back doors in the network
How does Secure Host work? It is achieved by deploying a software security agent on each host. When the host is connected to the network, the agent retrieves policies from a constantly updated central policy repository and monitors the host’s behavior, ensuring:
- vulnerability shielding (buffer overflow strikes, changing registry keys, overwriting DLLs, etc.)
- white/gray listing
- potentially unwanted program management
- infection clean-up
Collectively, this layered approach to security ensures the three basics of security:
- Data Confidentiality
- Data Integrity
- Data Availability
And as a managed service, this approach enables you to focus on the core competencies of your business while outsourcing your complex security needs to a trusted resource.
The fifth layer of security is at the behavioral level. Robust policies, processes, and reporting added to the network infrastructure yield a comprehensive, secure solution.
The benefits of such a layer include:
- A single centralized point of control leading to effective governance with clear accountability
- A future-proof security architecture that can support existing and emerging technology and business scenarios
- Uniform security policies, controls, and processes enterprise-wide that are aligned with business needs
- Reports from an independent audited third party that meet most compliance requirements
- A mechanism to measure and report security activities and the value added to the enterprise
And finally, as a managed service, you can still choose the level of control based on your risk appetite.
Our solution is based on the industry-proven Cisco approach. The <SP/SI/VAR Name> solution provides significant features, including:
- Integration of multiple layers of security into the small footprint of the Cisco Integrated Services Router, for lower power consumption and more flexible use of space
- Simple, intuitive online interfaces to control and monitor performance
- Rigorously tested technology solutions to ensure high reliability
A midsized hospital in Illinois successfully applied Security Layer One and Two protections to satisfy its security needs.
A large university in Virginia successfully adopted the layered security approach and applies Security Layers One, Two, and Three to meet its security challenges.