HowToSell_TrustsecFINALinternal.ppt

February 2010

Cisco TrustSec “How to Sell”

© 2010 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialC97-576464-00 2

Announcing…

Cisco TrustSec An industry-leading solution enforcing access and policy in the secure borderless network

TrustSec now includes:Catalyst Switches: Identity based networking services (802.1X based technologies)

Security Group Tagging (SGT)

Cisco Secure Access Control System (ACS)

Cisco Network Admission Control (NAC)

© 2009 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 3

Market Opportunity

A recent Gartner survey indicates that 50% of enterprises plan to implement 802.1X in their wired networks by 2011.

* Source: Gartner, July 2008


What Does TrustSec Do?

1

4

2

Who are you?An 802.1x or a Network Admission Control (NAC) appliance authenticates the user.

What service level do you receive?The user is assigned services based on role

and policy ( job, location, device, etc.).

What are you doing?The user’s identity, location, and access

history are used for compliance & reporting.

Where can you go?Based on authentication data, the user is

placed in the correct VLAN.

3

Enforces Access Policy

IdentifiesAuthorized Users

Personalizes The Network

Increases Network Visibility


SupportsCompliance

Dynamically authenticate and assign access based on user role, device, and location

Enforce consistent security policy and ensure endpoint health

Provide real-time access visibility and audit trails for monitoring and reporting

StrengthensSecurity

Enables SecureCollaboration

Why Customer’s Care: Addressing top business initiatives with TrustSec


Authorization (Controlling Access)

Other ConditionsIdentity Information

+Group:

Contractor

Group:Full-TimeEmployee

Group:

Guest

How TrustSec Works:Controlling Network Access

Broad Access

Limited Access

Guest/Internet

Deny Access

Quarantine

Time and Date

Access Type

LocationPosture

Track for Accounting


TrustSec Core Technical Components

Infrastructure Components

Endpoint Components NAC Agent

No-cost client for device-based scans

802.1X Supplicant802.1X supplicant via CSSC or

native supplicant

SWITCH IDENTITY

DEPLOYMENT FEATURES

NEW

Cisco® Catalyst® and Nexus® 7000 switches

Policy/Security Components

NAC ManagerCentralized management, configuration, reporting,

and policy store

NAC ServerPosture, services, and enforcement

ACS 5.1Access Policy System for 802.1X termination

and identity-based access control

NAC ProfilerProfiles unmanaged devices and applies

policy based on device type

NAC GuestFull-featured

guest provisioning

server

ACS 5.1

SWITCH INTEGRATION

:NAC

PROFILER & GUEST


TrustSec Capabilitiesin the Secure Borderless Network

VLAN is good, but let's also add "restricted access using dynamic ACL" (VLAN doesn't work for all customers)

Enhanced Switch Features–More authentication options: FlexAuth, WebAuth

–Additional deployment capabilities: Open Mode, IP Telephony

Cisco ACS 5.1: Improve operations with monitoring and troubleshooting

Cisco Guest and Profiler: Lower the cost of managing identity and policy in both a .1X and appliance environment

Security Group Tagging (SGT) on the Nexus 7000

–Enforces role-based access control to servers within a security group

–Provides flexibility by not being dependent on the network topology

MACsec: Addresses compliance by providing an encrypted link from the Catalyst® 3750-X, 3560-X, and Nexus® 7000 to the endpoint


TrustSec: Two Options for Flexible Access Control

Sell NAC Server

Sell NAC Manager

Upsell NAC Profiler

Upsell NAC Guest

Upgrade legacy switches

Sell/Upgrade ACS

Sell CSSC

Upsell NAC Profiler

Upsell NAC Guest

Qualifying Questions Portfolio

802.1x or industry standard mandate over next 1-2 years?

ACS & SWITCHES

Customer want to leverage switch infrastructure for enhanced capacity & overall capability?

ACS & SWITCHES

Immediate need for posture assessment?

NAC

Largely non-Cisco access infrastructure?

NAC

Note –Guest Server and Profiler can be deployed with both NAC and ACS

ACS & SWITCHES(INFRASTRUCTURE)

NAC(APPLIANCE)

1 2


TrustSec Sales Opportunities

Create migration opportunities from legacy switches

Include security technology

Add high-margin professional services


Migration Opportunity: Total Market

2K3K4K6K


Legacy Migration Plan

Catalyst 2940, 2950 2960, 2960-S

Catalyst 2970 2960, 2960-S, IE 3100

Catalyst 3550 3560, 3750, 3560E, 3750E, 3560X, 3750X

Catalyst 400x & 4500 non-E Series (SUP1, SUPII , SUPII+TS , SUPII+ , SUPII+10G, SUPIII, SUP-IV , SUPV )

4500 E Series (with Sup6-E, Sup6L-E, 4500 with SupV-10GE)

Catalyst 6K Sup 1, Sup 2 Sup 32 or Sup 720

Catalyst Migration Opportunity: Optimal Path


Sales Opportunity: Attach Security

Discuss enhanced capabilities of ACS 5.1 to drive migration (30,000 + customers).

Demonstrate the best-in-class guest access management of NAC Guest Server.

Position the ease of deployment with NAC Profiler.

All technologies provided by the proven leader in Network Admission Control

– Cisco

NEW!


Sales Opportunity: Offer High-Margin Professional Services

Business processes

Network discovery

Migration services

Implementation services

Leveraging Cisco or partner services


Sales Tactics

Low-hanging fruitEnterprise (500+ users)

Security-conscious

Regulatory compliance

Internal mandates for 802.1X

Key decision influencersNetwork decision-maker

Security decision-maker

Compliance officer

IT director


Sales Process

Tools Available:• Sales and technical presentations• Infrastructure assessment guidelines• Configuration guides for POCs • Design and deployment guides


Sales Differentiators: Defend Against Competitors!

Market-leading solution

Ease of deployment: low and no-impact deployment options)

Flexible: Three ways to authenticate using a single configuration)

Efficient, consistent, and scalable: Leverage your infrastructure and use a common policy)

Ease of ongoing management: Security Group Tagging (SGT) enables scalable network access control through simplified network design

Complete, single vendor solution


Switch Technical Differentiators

Flexible Flexible Authentication Authentication SequencingSequencing

Rolling authentication Rolling authentication with a flexible with a flexible sequence (.1x, MAB, sequence (.1x, MAB, and web and web authentication)authentication)

Most flexible authentication in the Most flexible authentication in the market: automates the port market: automates the port configuration to accommodate all configuration to accommodate all endpoint devices – necessary to endpoint devices – necessary to support the most enterprise use cases support the most enterprise use cases

Unified Unified Guest Guest AccessAccess

Monitor Monitor ModeMode

Unified guest access Unified guest access with local web with local web authentication on the authentication on the switchswitch

Gathers information Gathers information about device/user about device/user access without adverse access without adverse impactimpact

Same infrastructure for wired and Same infrastructure for wired and wireless guest access – same wireless guest access – same premiere user experiencepremiere user experience

Critical to deploying network-based Critical to deploying network-based identity without locking out users or identity without locking out users or devicesdevices


TrustSec: Examples of Sales Opportunities

Switch Migration:15 Catalyst 6500 Series

50 Catalyst 3750 Series

125 Catalyst 4500E Series

Attached Security: 5 Access Control Systems 1 Profiler 1 Guest Server

Switch Migration:50 Catalyst® 6500 Series 50 Catalyst 3750 Series 2000 Catalyst 2960 Series

Attached Security:

14 Access Control Systems 3 Profilers (each up to 40,000 MAC addresses) 3 Guest Servers

Large enterprise network Mid-sized network

$24M* $7M*

* Based on list prices


Case StudyUniversity of Montreal

Background

One of the top 100 universities in the world, with 55,000 students and an annual research budget of CAD$450 million

Business Challenges Support collaboration between research groups

Differentiated access for students, researchers and faculties

Cisco Solution Benefits Tailored network services with identity-

based access

Scalable network environment

Improves OPEX with network moves, adds and changes

“Our new network is more secure, and we can do a better job by giving more specialized service to people.”

Michel L'Heureux Director of Telecommunications Université de Montréal

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/case_study_c36-566762.html


Next Steps Resources

• TrustSec Business Presentation NEW!

• TrustSec Technical Presentation NEW!

• TrustSec At-A-Glance NEW!

• TrustSec Quick Reference Card NEW!

Web Sites• Cisco Secure Borderless Networks,

Cisco TrustSec, Cisco AnyConnect Secure Mobility internal Launch page

http://wwwin.cisco.com/marketing/borderless/security.shtml

• Partner Central Secure Borderless Networks Launch page

www.cisco.com/go/sbn

• Cisco TrustSec external page

www.cisco.com/go/trustsec

Documents

HowToSell_TrustsecFINALinternal.ppt