Brian Avery, Cisco Systems, [email protected]
Cisco Digital Network Architecture - Wired, Wireless, Security - Together!
Cisco Customer Education
This session was recorded via Cisco WebEx! You can watch the live session recording HERE.
Presentation Agenda
► Welcome from Cisco
► Digital Disruption
► A Digital Network Enables New Capabilities
► Cisco Wired and Wireless DNA
► Cisco Security DNA
► Q&A, Conclusion
About Your Host
Brian Avery
Territory Business Manager
Cisco Systems, [email protected]
Priors:
Cisco Sales and Channels (11.5 yrs)
President and CEO (6 yrs) - Cisco Premier Partner
Director of Sales (2 yrs) - Cisco Silver Partner
Financial Analyst (7 yrs) - Sprint Corporation
CCE is an educational session for current and prospective Cisco customers
Designed to help you understand the capabilities and business benefits of Cisco technologies
Allow you to interact directly with Cisco subject matter experts and ask questions
Offer assistance if you need/want more information, demonstrations, etc.
What Is the Cisco Customer Education Series?
Welcome from Sysco!Oops! I mean Cisco!
Cisco Confidential 5
Computer scientists Len Bosack and Sandy Lerner found Cisco Systems
Bosack and Lerner run network cables between two different buildings on the Stanford University campus
A technology has to be invented to deal with disparate local area protocols; the multi-protocol router is born
1984
WellFleet
SynOptics
3Com
ACC
DEC
Proteon
IBM
Bay Networks
Newbridge
Cabletron
Ascend
Fore
Xylan
3Com
Nortel
Ericsson
Alcatel
Juniper
Lucent
Siemens
NEC
Foundry
Redback
Riverstone
Extreme
Arista
HP
Avaya
Juniper
Huawei
Aruba
Brocade
Checkpoint
Fortinet
ShoreTel
Polycom
Microsoft
F5
Riverbed
Dell
Internet of Everything
1990 – 1995 1996 – 2000 2001 – 2007 2008 – Today
The Landscape is Constantly Changing
Leading for Over 30 Years
2016
Who Is Cisco?
Chuck Robbins,CEO, Cisco
• Dow Jones Industrial Average, Fortune 100 Company (AAPL, CSCO, INTC, MSFT)
• $117B Market Capitalization
• $49.6B in Revenue
• $10B in Annual Net Profits
• $34B More Cash than Debt
• $6.3B in Research and Development
http://finance.yahoo.com/q/ks?s=CSCO+Key+Statistics
No. 1 Voice: 41%
No. 1 TelePresence: 50%
No. 1 Web Conferencing: 43%
No. 1 Wireless LAN: 50%
No. 2 x86 Blade Servers: 29%
No. 1 Routing Edge/Core/Access: 47%
No. 1 Security: 31%
No. 1 Switching Modular/Fixed: 65%
No. 1 Storage Area Networks: 47%
Market Leadership Matters
Cisco Digital Network Architecture
Digital Disruption Impact to Business
40% of incumbents are at risk of being displaced in the next 5 years
Digital Vortex: How Digital Disruption Is Redefining Industries. Global Center for Digital Business Transformation, 2015.
$14T of digital value at stake across private industries between 2013-22
Cisco estimates $14.4 Trillion of digital value at stake across private industries between 2013-22. Where to begin your journey to digital value in the private sector.
26%: How much more profitable are organizations that master digital
Leading Digital: Turning Technology into Business Transformation
Digital Organization Dynamics and Examples
Established Brands are rapidly transforming to a Digital Enterprise to catch up…
Disruptors or New Brands have beat established brands at becoming a Digital Enterprise…
Cisco Confidential©2015 Cisco and/or its affiliates. All rights reserved.
Digital Organization Critical Success Factors
• Deliver a compelling customer experience at every touchpoint… to make money
• Connect previously unconnected processes, data, devices, and users… to save money
• Leverage Analytics to constantly improve operational efficiency... to reduce risk
Where the Rubber Meets the Road…
• New Applications and Devices
• Faster Deployments
• More Reliability
• Bigger Attack Surface
• More At Risk
Network Requirements for the Digital Organization
Security and Compliance
Automation and Assurance
Insights and Experiences
New Business Capabilities Built on the Network as a Platform
Speed, Simplicity and Visibility
Real-time and Dynamic Threat Defense
Drive Business Experiences
Transform Processes and Business Models: Innovations, Faster Time to Market
Empower Workforce Efficiency and Innovation: Increased Productivity, Better Retention
Personalize Customer/Citizen Experience: Increased Loyalty, Greater Insight
Mobility: Mobile traffic will exceed wired traffic by 2017
IoT: IoT devices will triple by 2020
Analytics: 75% of companies planning to or investing in big data
Cloud: 80% of organizations will primarily use SaaS by 2018
Creating New Priorities for Digital Organization
Your Network is The Problem
Wired Wireless Devices
VLAN 1 VLAN 2 VLAN 3
WAN
Enterprise Networks today are Complex..
HQ
Remote VLAN C
VLAN B
Branch A
VLAN A Branch B
..and have multiple Operational Challenges
Policy Violations Due to Human Error
Network Changes Performed Manually
95% 70%
OpEx spent on Network Visibility
and Troubleshooting
75%
Source: 2016 Cisco Study
Traditional Networking CANNOT Keep Pace with the Demands of Digital Business
Cisco Confidential 20© 2013-2014 Cisco and/or its affiliates. All rights reserved.
The Big Lie
Competitors Say:
“The Network Is a Commodity”
Sidebar… The Big Lie
Guess what DAY IT IS!
Typical Multi-Vendor Network
Switching: Cisco; HP, Dell, 3Com, Dlink, NetGear, Linksys
Routing: Cisco; 3Com, Juniper, Huawei, Adtran
Security: Cisco; Watchguard, Sonicwall, Fortinet, Checkpoint, NetGear, Dlink, Palo Alto
Wireless: Cisco; 3Com, HP, Aerohive, Aruba
Voice: Cisco; Nortel, Avaya, Mitel, Siemens, Shoretel, Samsung, Panasonic, Toshiba, Intertel, Comdial, NEC, Alcatel
Results in The Frankenstein Effect!
Reliability challenges
Inconsistent warranties
Higher maintenance costs
No single point of support
Basic levels of integration
Only Cisco Can Offer a Complete Solution
Easily enforce policies across wired, wireless, and WAN
Enable sophisticated network capabilities with simplicity
Predictably administer changes and add capabilities
Deliver service innovation more quickly
Get instant view of issue location to speed remediation
Treat the network as a single sophisticated system
Policy-Driven Automated Agile
What if you could…
A Fundamental Shift in Networking is Needed
2
Complex Operational Simplicity with Patch Updates
Security Concerns
Closed
Network as a Sensor, Network as an Enforcer
Open and Programmable
Reactive
It Starts with a Modern Software Stack
Cisco IOS XE (Polaris) Software
Operational Visibility and Streaming Telemetry
Introducing Cisco Software Defined Access
Manage Business Outcomes Instead of Managing the Network
Fabric architecture enabling flexible L2/L3 services on a wired, wireless, and WAN network that is managed as single system
Policy based automated provisioning of network for access, security, application quality of experience, and monitoring, across multiple domains
Services enablement through controller based abstraction and open APIs, with fabric aware security and application services integration
A Digital Network Enables New Capabilities
The Network: Cornerstone Where Digital Success is Realized or Lost
Full Business Visibility
IoT Scalability
Conduit for Critical Apps
First Line of Defense
Bridge for Engagement
Digital Transformation Starts with the Right Foundation
Network Enables New Capabilities
Mobilize the Workforce: Digital Workforce, Personalized Workspaces, Effective Collaboration
Engage Customers: Omni-channel Experience, Enhanced Points of Service, Personalized Experiences
Automation: Accelerate the Branch, Rollout services faster, Application performance
Secure the Enterprise: Faster threat detection, Continuous compliance, Secure mobile access
Built on the Network as a Platform for the Digital Organization
Evolution of Networking Software
Open APIs
Network Function Virtualization
Policy
Cloud
Analytics
Controllers
Overlays
OpenFlow
OpenCompute
Standards
How do I deliver new applications?
How do I improve security?
How do I achieve speed & simplicity?
How do I learn new software skills?
Model Driven
Cisco Digital Network Architecture
Open | Extensible | Software-driven
How does this come together?
DNA Technologies
Automation: Plug and Play
Cisco ONE Foundation
PnP Available Now
PnP Cloud 2HCY16
79% lower deployment costs
“Plug and play means no more IT engineers in the field – faster time to market and dramatically lowered costs.”
New!
Eliminates
Staging Truck Roll
Cloud-Based Plug and Play
Plug in and Cloud Provision
Order Controller-Based Management
Policy Service: IWAN Automation
Optimal Branch Experience Made Easy
85% faster deployments
“IWAN automation eliminates tedious configuration tasks for advanced networking features. I can configure IWAN with just 10 GUI clicks.”
IWAN Momentum
Cisco ONE Foundation
Available Now
Intelligent Path Control
Highly Secure Connectivity
Application Optimization
Transport-Independent
Zero-TouchRollout
Set Application Policy
Gain Visibility and Tune
Point and Click Troubleshoot
Simple Workflows
200+ deployments running up to 2500 sites
Policy Service: EasyQoS
Implements QoS in 250 ms
Enhance Collaboration Experience
300%: Video quality improves
50%: Reduction in voice jitter
Improved Application Experience with No Operator Intervention
“The EasyQoS App reduces deployment times for network-wide QoS dramatically. We can now respond to changing application needs via policy-based automation within minutes or even seconds.”
Cisco ONE Foundation
March 2016 Controlled Availability; General Availability in Cisco ONE 2HCY16
New!
Select from Predefined Policies
Automated Deployment of QoS config
Optimized for Any Infrastructure
Security: StealthWatch and ISE
Extend Security Everywhere
Infrastructure-Enforced Policy
Network as an Enforcer: Software-defined segmentation with TrustSec® for assurance and compliance
Network as a Sensor: Real-time situational awareness and rapid threat detection everywhere
“The network touches every element of the digital enterprise – every business process, device, customer, employee – and therefore has the unique ability to detect, analyze, and prevent new forms of attack by flagging unusual network behavior.”
Wi-Fi Core WAN Cloud
Rapid Threat Containment
Quickly detect and stop threats
Scales to handle dramatic threat increase
Cisco ONE Adv. Security
General Availability in Cisco ONE
Digital Services: CMX Cloud
Connect
Drag-and-drop customizable portal on demand
Data on Storefront Conversion
Frictionless Guest Onboarding
Presence Analytics
Zone-based location analytics
Customer Insights and Engagement
“CMX Cloud has helped us quickly gain business insights, so we can enhance the shopper experience at Santana Row with easy Wi-Fi onboarding, increased customer data, and improved customer engagement.”
Cisco ONE Advanced
General Availability in Cisco ONE
New!
Cisco Intelligent WAN
Digital Innovation Overwhelming the Branch
BRANCH
OS Updates
HD Video
Mobile Apps
Online Training
Social Media
Guest Wi-Fi
MORE USERS
MORE APPS
MORE THREATS
80% of employees and customers are served in branch offices*
20-50% increase in enterprise bandwidth per year through 2018**
30% of advanced threats will target branch offices by 2016 (up from 5%) **
Omnichannel Apps
SaaS Enterprise Apps
Digital Displays
* Tech Target, Branch Office Growth Demands New Devices, 2013
** Gartner, Forecast Analysis: Worldwide Enterprise Network Services, Q2 2015 Update
*** Gartner: “Bring Branch Office Network Security Up to the Enterprise Standard”, Jeremy D’Hoinne, 26 April 2013.
What is SD-WAN?
Automate and orchestrate network changes
Open standards and third-party integration
Lower operating costs and TCO
Uncompromised security and threat defense
Network capacity optimization and increase bandwidth
Direct Internet and cloud access
Protect application SLA
Hybrid WAN
What SD-WAN provides
Benefits of SD-WAN
Identify Prioritize Accelerate
See 1000+ apps running on your network
Automate app priority based on business policies
Boost app performance
Securely on any connection or platform for all users
Cisco Intelligent WANApplication-centric SD-WAN
Intelligent WAN (IWAN) Solution Components
Transport Independence: IPSec WAN overlay, Consistent operational model (DMVPN, PKI)
Intelligent Path Control: Optimal application routing, Efficient use of bandwidth (Performance Routing (PfR), QoS)
Application Optimization: Performance monitoring, Optimization and caching (AVC, WAAS, Akamai)
Secure Connectivity: NG strong encryption, Threat defense (Suite-B, ZBFW, AMP, Umbrella, Stealthwatch)
Management and Orchestration: IWAN APP, Cisco Prime™
Transports: MPLS, Internet, 3G/4G-LTE
Private Cloud, Virtual Private Cloud, Public Cloud
Branch: AVC, WAAS, Akamai, PfRv3
Cisco IWAN Deployment Models
Dual MPLS: Highest Service Level (SLA); x Inflexible for new services; x Expensive
Hybrid: Enable SaaS and/or high BW apps; Balanced Service Level (SLA); Up to 99.999% Reliability
Dual Internet: Best price/performance; IT Managed Service Levels; Up to 99.999% Reliability
Consistent VPN Overlay enables Security across Transition
APIC-EM
Network-Specific Control
Application, User, and Business-Driven Policies
“Only corporate-owned devices in Group:FinExec can access quarterly results DB”
Cisco® ISE + TrustSec + ACL
Configuration Commands
Cisco APIC-EM
An Application Platform for Enterprise WAN and Access Networks
• Virtual (ISO VM) or appliance-based
• Provides user policy abstraction and automation
• Simplification of complex network configuration with Cisco® application best practices
• Existing and new installations (Catalyst®, ISR, ASR, WLC)
BENEFITS:
Brownfield support
Ready-to-use applications
Open, northbound API
APIC-EM Delivers IT Flexibility
Enabling Automation Through Innovative Management Principles
OPEN
Static → Programmable
Expert CLI → Policy + GUI
Greenfield → Brownfield + Greenfield
SIMPLE
Manual → Automated
Box-Centric → Network-wide
Provision in Months → Hours
Applications
Network-Wide Abstractions Simplify the Network
Security Orchestration Automation Collaboration
SOUTHBOUND ABSTRACTION LAYER
REST API
CATALYST® CISCO NEXUS® ASR ISR WIRELESS ASA OTHER
The SDN Ideal: Controller as the Application Platform
Virtualization
Cisco SD-WAN Options
Choose Based on Budget, Expertise, Business Priorities
On Premises
• Purchase, deploy, manage yourself with Cisco® APIC-EM and IWAN App/Prime™
• Utilize Cisco ONE™ Software for license portability
• Maximum control over your network
Cloud Managed
• Cloud-based network management with Cisco Meraki®
• Subscription-based
• Real-time feature and security updates pushed from the cloud
Managed Services
• Get on-premises or cloud managed as a service from your service provider
• Reduced CapEx, pay-as-you-grow OpEx
• You or your SP can manage
It’s All About The Core
Cisco Switching Innovations
Transforming the Enterprise
APPLICATION VISIBILITY
BASE SERVICES
SECURITY RESILIENCY
Wired Wireless Integration
Unique Innovation for 802.11ac explosion
IoT Onboarding Carpeted Space
Workplace Transformation
Converged Access Enterprise
IoT
Next Generation Workspace
Cisco Multigigabit
Security
Segmentation with Cisco TrustSec
Data Center Firewall
Voice Data Suppliers Guest Quarantine
Access Layer
Data Tag
Supplier Tag
Guest Tag
Quarantine Tag
Aggregation Layer
Business Policy:
Source / Destination
Exec PC
HR Database
HR Database Prod HRMS Storage
Exec BYOD X XX XX
X
• Who can talk to whom
• Who can talk to what systems
• What systems can talk to other systems
• Simplifies policy implementation
• Simplifies security operations
• Accelerates business agility
• Lowers network cost and complexity
Smart Operations
Lower TCO
Zero Touch Deployments and Maintenance
NG Plug n Play, Smart Install, Instant Access
• Software image & Configuration downloaded
• Consistent for Devices & PIN
• On-going Image Update and Configuration Backup
Easy Configurations for endpoints
Auto Smart Ports, Auto Conf, Interface Templates
• Port Configuration: Applied
• QoS Policy: Enforced
• Security Policy: Enforced
Monitor and troubleshoot
Smart Call Home, IPSLA
• Proactive diagnostics
• Real time Alerts
• Web-based reports
• Routed to TAC team
Program the network
EEM, XML Programmability
• Ability to take custom actions based on syslogs/triggers
• Enhanced Flexibility and control
Reduce energy consumption
Energywise and EEE
• EEE ready
• Energywise – Time of the day policy based on/off of access devices
• 0 $ SKUs for energy management
High Availability
Protecting Business Continuity
StackPower, Stateful SwitchOver, Virtual Switching System
Physical Redundancy
• Redundant Power Supplies
• StackPower with 3850
• Redundant Fan Trays for Chassis Systems
• Redundant Supervisors for Chassis Systems
Stateful Switchover
• Stackable Support: 3850 and 3650
• Intra-chassis support: 6800, 6500 and 4500
• Inter-Chassis support: with VSS
Network Resiliency
• NSF support for OSPF, EIGRP, ISIS, BGP
• NSF reduces forwarding table churn
• BGP PIC
• Graceful Restart for IPv4 & IPv6 with various routing protocols
• OSPFv3 Non-Stop Routing
Upgrade Management
• ISSU for hitless software upgrade
• EFSU for minimal disruption during software upgrade
Infrastructure Redundancy
• VSS
• Instant Access
• Multi-chassis EtherChannel (MEC) provides hardware-based failover
• VSS Quad-Sup SSO with Sup2T
FlexStack+
Cisco and/or its affiliates. All rights reserved.T-EN-05-I Cisco Public
Gigabit Bottleneck
Existing Gigabit infrastructure is insufficient to handle 802.11ac growth beyond 1Gbps
Gigabit Ethernet has been around since 1999 and has now become the bottleneck
Market needs an innovative technology to support >1Gbps over existing cables
Limited to 1G!
Cat 5e Cables
WiFi @ 1G>1G
The Solution – Cisco Multigigabit Technology Powered by NBASE-T
Delivers up to 5X Speeds in Enterprise without replacing Cabling Infrastructure
2.5-5G!
Cat 5e Cables
WiFi > 1G
Multigigabit Switch
Multigigabit Capable AP
Is a game-changing technology allowing enterprise networks to evolve beyond 1G
Enables 2.5 and 5 Gbps up to 100m on legacy cables
Supports all PoE standards up to 60W
Cisco Multigigabit with
Security from the Inside Out
Insider Threats
With lateral movement of advanced persistent threats, even external attacks eventually become internal threats
95% of all cybercrime is user-triggered by disguised malicious links
One out of four breaches are caused by malicious insiders
Two out of three breaches exploit weak or stolen passwords
Anatomy of a Data Breach
1. Infiltration and Backdoor establishment
2. Reconnaissance and Network Traversal
3. Exploitation and Privilege Elevation
4. Staging and Persistence (Repeat 2,3,4)
5. Data Exfiltration
Diagram labels: Attacker, Perimeter (Inbound), Perimeter (Outbound), enterprise network, C2 Server, Admin Node
Sampled = Partial
• Subset of traffic, usually less than 5%
• Gives a snapshot view into network activity
• Similar to reading every 20th word of a book
Unsampled = All
• All traffic is collected
• Provides a comprehensive view into all activity on the network
• Equivalent to reading every word on every page of a book
Cisco Stealthwatch Value Prop
Complete Visibility is the key and only Cisco/Lancope can provide
Wireless As Primary
Wi-Fi Connectivity Speed Timeline: Gigabit Wi-Fi As Primary Access
[Chart: connect rates (Mbps) and spatial streams (SS) by standard, 1997 to 2016: 802.11, 802.11b, 802.11a/g, 802.11n, 802.11ac Wave 1, 802.11ac Wave 2, Dual 5GHz; uplinks shown: Gigabit Ethernet Uplink, 2 Gigabit Ethernet Uplinks, Multi-Gigabit Uplinks]
3SS Desktops / Laptops
2SS Laptops / Tablets
1SS Tablets / Smartphones
*Assuming 80 MHz channel is available and suitable
**Assuming 160 MHz channel is available and suitable
Addressing Growth 802.11ac Wave 2
Highest Wi-Fi Performance Ever
Better End Device Efficiency
For Highly Demanding Environments
Higher data rate than previous standard
Allows for more wireless data with wider channels
Simultaneously deliver data to multiple devices
Conserve end-device battery
Going Beyond the 802.11ac Wave 2 Standard With Unified Access Wireless
Innovations Only Cisco Delivers
Radio Frequency Excellence for High-Density Environments
Flexible Radio Assignment: Adjust radio bands to better serve the environment.
Optimized Roaming: Intelligently connects the proper Access point as people move
Turbo Performance: Scales to support more devices running high bandwidth apps.
Zero Impact AVC: Hardware-based application visibility and control without impact to performance.
Cisco CleanAir®: Remediates device Impacting interference
Cisco ClientLink: Improves performance of Legacy and 802.11ac devices.
Expandability: Add functionality via module, Smart Antenna Port or USB Port
Multi-Gigabit Uplinks: Free up wireless with faster wired network offload
Flex Dynamic Frequency Selection: Automatically adjusts so as not to interfere with other radio systems
Cisco Confidential 64C97-731719-02 © 2014 Cisco and/or its affiliates. All rights reserved.
Mission critical network infrastructure:
• Rapid deployment across branch/retail locations
• Branch operations and management
• VoWLAN, mobile displays, paperless branch
New possibilities with ubiquitous mobile devices:
• Analyze foot traffic through smartphones
• Extend branding to WiFi sign-on
• Develop location-aware applications
• Create new revenue opportunities and increase customer loyalty
Connected Mobile Experiences (CMX)
Anonymous data about every visitor
Detect
Guest WiFi optimized for branding
Connect
APIs for real-time location based apps
Engage
Applications cut across verticals
Retail & Restaurant: Compare visitor conversion rates between stores
Hospitality: Deliver real-time coupons for nearby amenities
Education: Determine peak vs slow times at libraries, student centers
Healthcare: Deliver public announcements via WiFi sign-on
User analytics and engagement
Location Analytics
Optimize marketing and business operations
Analyze capture rate, dwell time, and new/repeat visitors to measure the impact of advertising, promotions, site utilization, etc.
Built-in location analytics: Integrated in the WLAN; no extra sensors, appliances, or software
Extensible API: Integrate location data with CRM, loyalty programs, and custom applications for targeted real-time offers
Apple Fast Lane
Now Available with iOS10
Cisco and Apple Together for a Better End-User Experience
Improve device efficiency through joint tested standards-based functionality
Analyze and prioritize Apple-based applications
Minimize impact of Apple upgrades by accessing local instances on Cisco® ASRs
Display content from Apple devices Wirelessly
Cisco Security Overview
Global Cybercrime Market $450B‒$1T
It’s All About The Money
Industrial Hackers Are Making Big Money with Innovative Tactics
Viruses: 1990–2000
Worms: 2000–2005
Spyware and Rootkits: 2005–Today
APTs, Ransomware: Today +
Phishing, Low Sophistication
Hacking Becomes an Industry
Sophisticated Attacks, Complex Landscape
95% of large companies targeted by malicious traffic
100% of organizations interacted with websites hosting malware
1. Cybercrime is lucrative, barrier to entry is low
2. Hackers are smarter and have the resources to compromise your organization
3. Malware is extremely sophisticated and complex
4. Cybercrime is now a formal, for-profit industry
Source: 2014 Cisco Annual Security Report
Too Many Disparate Security Products Mean Gaps in Protection
Fragmented offerings across multiple vendors
Cost: Higher total cost to build and run
Overall performance: Less communication between components
Time to detection: More lag in finding threats
Antivirus
Legacy IPS
Initial Disposition = Clean
Actual Disposition = Bad
Too Late!!
Analysis Stops
Event Horizon
Sleep Techniques
Unknown Protocols
Encryption
Polymorphism
Blind to scope of compromise
Point-in-Time Detection Tools Alone Are Insufficient and Provide Limited or No Visibility Into Threats Once They Get in
Not 100%
Today’s cyber-threat reality
If you know you are going to be compromised, how should you do security differently?
Why? Because you’ll never be able to prevent 100% of attacks.
Your environment will get breached – it’s not an “IF” it’s a “WHEN”
Too Many Disparate Security Products Mean Gaps in Protection
Fragmented offerings across multiple vendors vs Streamlined advanced security solution
Cost: Higher total cost to build and run vs Lower opex and easier to manage
Overall performance: Less communication between components vs Better communication and integration
Time to detection: More lag in finding threats vs Faster time to detection
Defending Against These Advanced Threats Requires Greater Visibility and Control Across the Full Attack Continuum
Attack Continuum
Before: Discover, Enforce, Harden
During: Detect, Block, Defend
After: Scope, Contain, Remediate
Network, Endpoints, Mobile, Email and Web, Data Center/Servers
Threat intelligence and analytics
Point-in-Time detection
Retrospective security and continuous analysis
Defending Against These Advanced Threats Requires Greater Visibility and Control Across the Full Attack Continuum
Attack Continuum
Before: Discover, Enforce, Harden
During: Detect, Block, Defend
After: Scope, Contain, Remediate
FireSIGHT and pxGrid
ASA Anyconnect VPN
Umbrella Meraki MX
Advanced Malware Protection
Network as Enforcer
Intrusion Prevention
Email Security
Web Security
Secure Access + Identity Services (ISE)
ThreatGRID
Gain security backed by the most advanced threat intelligence
24/7/365 Operations
100 TB of Data Received Daily
1.5 MILLION Daily Malware Samples
600 BILLION Daily Email Messages
16 BILLION Daily Web Requests
MILLIONS of Telemetry Agents
4 Global Data Centers
Over 100 Threat Intelligence Partners
250+ Full Time Threat Intel Researchers
Global scanning
30 years building the world’s networks
Cisco Security Decreases Time to Detection
100 days to 13.8 hours - Source: 2016 Cisco Annual Security Report
AMP on Web and Email Security Appliances
AMP on Cisco® ASA Firewall with Firepower Services
AMP Private Cloud Virtual Appliance
AMP on Firepower NGIPS Appliance (AMP for Networks)
AMP on Cloud Web Security and Hosted Email
CWS/CTA
Threat Grid: Malware Analysis + Threat Intelligence Engine
AMP on ISR with Firepower Services
AMP for Endpoints
AMP on Meraki MX Appliances
Before: Discover, Enforce, Harden
During: Detect, Block, Defend
After: Scope, Contain, Remediate
Remote Endpoints
Conclusion
Why Cisco DNA? Why Now?
85% Faster Network Services Provisioning (1)
100X Faster Threat Detection from 100+ days to 17.5 Hours (3)
79% Reduced Network Installation Costs (2)
Greater Business Agility
Lower Costs
Reduced Risk
1 Based on IWAN App - Estimate based on workflow changing from 900 CLI lines to 10 GUI clicks.
2 PnP App - Based on average installation cost for SWM and additional customer deployment installation costs.
3 Cisco 2016 Annual Security Report
Get Real Business Benefits Today
Start Your Digital Journey
We can help make your Infrastructure Digital Ready
Automate IT
Secure the Enterprise
With Investment Protection for the Future
Thank You and Next Steps
Brian [email protected]
Contact Your Cisco Partner: https://tools.cisco.com/WWChannels/LOCATR/performBasicSearch.do
www.
Learn more about Cisco DNA: http://www.cisco.com/go/dna/
• CCE sessions are held weekly on a variety of topics
• CCE sessions can help you understand the capabilities and business benefits of Cisco technologies
• Watch replays of past events and register for upcoming events!
Visit http://cs.co/cisco101 for details
Join us again for a future Cisco Customer Education Event
Thank you.