February 2010
Cisco TrustSec “How to Sell”
© 2010 Cisco Systems, Inc. All rights reserved. Cisco Confidential. C97-576464-00
Announcing…
Cisco TrustSec An industry-leading solution enforcing access and policy in the secure borderless network
TrustSec now includes:
Catalyst Switches: Identity-based networking services (802.1X-based technologies)
Security Group Tagging (SGT)
Cisco Secure Access Control System (ACS)
Cisco Network Admission Control (NAC)
Market Opportunity
A recent Gartner survey indicates that 50% of enterprises plan to implement 802.1X in their wired networks by 2011.
* Source: Gartner, July 2008
What Does TrustSec Do?
Who are you? An 802.1X or a Network Admission Control (NAC) appliance authenticates the user.
What service level do you receive? The user is assigned services based on role and policy (job, location, device, etc.).
What are you doing? The user’s identity, location, and access history are used for compliance and reporting.
Where can you go? Based on authentication data, the user is placed in the correct VLAN.
Enforces Access Policy
Identifies Authorized Users
Personalizes the Network
Increases Network Visibility
Supports Compliance
Dynamically authenticate and assign access based on user role, device, and location
Enforce consistent security policy and ensure endpoint health
Provide real-time access visibility and audit trails for monitoring and reporting
Strengthens Security
Enables Secure Collaboration
Why Customers Care: Addressing top business initiatives with TrustSec
How TrustSec Works: Controlling Network Access
Identity Information
Group: Full-Time Employee
Group: Contractor
Group: Guest
+ Other Conditions
Time and Date
Access Type
Location
Posture
Authorization (Controlling Access)
Broad Access
Limited Access
Guest/Internet
Deny Access
Quarantine
Track for Accounting
TrustSec Core Technical Components
Infrastructure Components
Cisco® Catalyst® and Nexus® 7000 switches
Endpoint Components
NAC Agent: No-cost client for device-based scans
802.1X Supplicant: 802.1X supplicant via CSSC or native supplicant
Policy/Security Components
NAC Manager: Centralized management, configuration, reporting, and policy store
NAC Server: Posture, services, and enforcement
ACS 5.1: Access Policy System for 802.1X termination and identity-based access control
NAC Profiler: Profiles unmanaged devices and applies policy based on device type
NAC Guest: Full-featured guest provisioning server
Callouts: Switch identity deployment features (NEW); ACS 5.1 switch integration; NAC Profiler & Guest
TrustSec Capabilities in the Secure Borderless Network
VLAN is good, but let's also add "restricted access using dynamic ACL" (VLAN doesn't work for all customers)
Enhanced Switch Features
–More authentication options: FlexAuth, WebAuth
–Additional deployment capabilities: Open Mode, IP Telephony
Cisco ACS 5.1: Improve operations with monitoring and troubleshooting
Cisco Guest and Profiler: Lower the cost of managing identity and policy in both a .1X and appliance environment
Security Group Tagging (SGT) on the Nexus 7000
–Enforces role-based access control to servers within a security group
–Provides flexibility by not being dependent on the network topology
MACsec: Addresses compliance by providing an encrypted link from the Catalyst® 3750-X, 3560-X, and Nexus® 7000 to the endpoint
TrustSec: Two Options for Flexible Access Control
Option 1: ACS & Switches (Infrastructure)
Upgrade legacy switches
Sell/Upgrade ACS
Sell CSSC
Upsell NAC Profiler
Upsell NAC Guest
Option 2: NAC (Appliance)
Sell NAC Server
Sell NAC Manager
Upsell NAC Profiler
Upsell NAC Guest
Qualifying Questions and Portfolio
802.1X or industry standard mandate over next 1-2 years? Portfolio: ACS & Switches
Customer wants to leverage switch infrastructure for enhanced capacity and overall capability? Portfolio: ACS & Switches
Immediate need for posture assessment? Portfolio: NAC
Largely non-Cisco access infrastructure? Portfolio: NAC
Note: Guest Server and Profiler can be deployed with both NAC and ACS
TrustSec Sales Opportunities
Create migration opportunities from legacy switches
Include security technology
Add high-margin professional services
Migration Opportunity: Total Market
[Chart: Catalyst 2K, 3K, 4K, 6K]
Catalyst Migration Opportunity: Optimal Path
Legacy → Migration Plan
Catalyst 2940, 2950 → 2960, 2960-S
Catalyst 2970 → 2960, 2960-S, IE 3100
Catalyst 3550 → 3560, 3750, 3560E, 3750E, 3560X, 3750X
Catalyst 400x & 4500 non-E Series (SUP1, SUPII, SUPII+TS, SUPII+, SUPII+10G, SUPIII, SUP-IV, SUPV) → 4500 E Series (with Sup6-E, Sup6L-E, 4500 with SupV-10GE)
Catalyst 6K Sup 1, Sup 2 → Sup 32 or Sup 720
Sales Opportunity: Attach Security
Discuss enhanced capabilities of ACS 5.1 to drive migration (30,000 + customers).
Demonstrate the best-in-class guest access management of NAC Guest Server.
Position the ease of deployment with NAC Profiler.
All technologies provided by the proven leader in Network Admission Control – Cisco
NEW!
Sales Opportunity: Offer High-Margin Professional Services
Business processes
Network discovery
Migration services
Implementation services
Leveraging Cisco or partner services
Sales Tactics
Low-hanging fruit
Enterprise (500+ users)
Security-conscious
Regulatory compliance
Internal mandates for 802.1X
Key decision influencers
Network decision-maker
Security decision-maker
Compliance officer
IT director
Sales Process
Tools Available:
• Sales and technical presentations
• Infrastructure assessment guidelines
• Configuration guides for POCs
• Design and deployment guides
Sales Differentiators: Defend Against Competitors!
Market-leading solution
Ease of deployment: low and no-impact deployment options
Flexible: Three ways to authenticate using a single configuration
Efficient, consistent, and scalable: Leverage your infrastructure and use a common policy
Ease of ongoing management: Security Group Tagging (SGT) enables scalable network access control through simplified network design
Complete, single vendor solution
Switch Technical Differentiators
Flexible Authentication Sequencing
Rolling authentication with a flexible sequence (.1x, MAB, and web authentication)
Most flexible authentication in the market: automates the port configuration to accommodate all endpoint devices – necessary to support the most enterprise use cases
Unified Guest Access
Unified guest access with local web authentication on the switch
Same infrastructure for wired and wireless guest access – same premier user experience
Monitor Mode
Gathers information about device/user access without adverse impact
Critical to deploying network-based identity without locking out users or devices
TrustSec: Examples of Sales Opportunities
Large enterprise network: $24M*
Switch Migration: 50 Catalyst® 6500 Series, 50 Catalyst 3750 Series, 2000 Catalyst 2960 Series
Attached Security: 14 Access Control Systems, 3 Profilers (each up to 40,000 MAC addresses), 3 Guest Servers
Mid-sized network: $7M*
Switch Migration: 15 Catalyst 6500 Series, 50 Catalyst 3750 Series, 125 Catalyst 4500E Series
Attached Security: 5 Access Control Systems, 1 Profiler, 1 Guest Server
* Based on list prices
Case Study: University of Montreal
Background
One of the top 100 universities in the world, with 55,000 students and an annual research budget of CAD$450 million
Business Challenges
Support collaboration between research groups
Differentiated access for students, researchers and faculties
Cisco Solution Benefits
Tailored network services with identity-based access
Scalable network environment
Improves OPEX with network moves, adds and changes
“Our new network is more secure, and we can do a better job by giving more specialized service to people.”
Michel L'Heureux Director of Telecommunications Université de Montréal
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/case_study_c36-566762.html
Next Steps Resources
• TrustSec Business Presentation NEW!
• TrustSec Technical Presentation NEW!
• TrustSec At-A-Glance NEW!
• TrustSec Quick Reference Card NEW!
Web Sites
• Cisco Secure Borderless Networks, Cisco TrustSec, Cisco AnyConnect Secure Mobility internal Launch page
http://wwwin.cisco.com/marketing/borderless/security.shtml
• Partner Central Secure Borderless Networks Launch page
www.cisco.com/go/sbn
• Cisco TrustSec external page
www.cisco.com/go/trustsec