TRAININGCISCOFASTPATHADVANCED MALWARE PROTECTION
FOCUS ARCHITECTURES
Collaboration NetworkingSecurity
Winning with Cisco SecurityCISCO UMBRELLA
Security in the Multi-Cloud Era
What You’ll Get in the Next Hour
• Current State of the Market• Portfolio Overview• VAULT • Call to Action!
• What to sell/do now• Partner Profitability
• Resources
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
RansomwareMobile work force
IoTCloud applications
Automation
Cost Complexity People shortage
Security challenges for Partners
Compliance
Cybercriminals are increasingly targeting mid-size companies
25% Midsize organizations with
no dedicated in-house information security role
60%of all online attacks target
small and midsize businesses
$4MAverage cost of a breach
globally
26%is the likelihood of a
breach happening over 2 years
Current State of the Market
The Market Landscape
• Shortage of Security Talent
• Flood of Security Vendors
• Undetected Multi-vector Threats
• 50B Devices online by 2020
• $106B Total Security Market, CAGR 8.4%*
* Gartner Inc., Forecast: Information Security, Worldwide, 2013 – 2019 1Q15 UpdateContu, Canales, Deshpande, Pingree, April 28, 2015
Firewall
Last 20 years of security:Got a problem?Buy a Box
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Firewall
VPN
Email Security
Web Security
DLP
SIEM
Replacement Box
Failover The Existingsecurity stack…Persistent Threats
IDS
Firewall 2.0
VPN 2.0
Email Security 2.0
Web Security 2.0
DLP 2.0
SIEM 2.0
Replacement Box 2.0
Failover 2.0
Persistent Threats 2.0
IDS 2.0
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Customers have a vendor buffet of Options
Future Consolidation?
Problem: Lots of Vendors = Lots of Complexity
The Security Effectiveness Gap
• Attack Surface Diversity: Growing exponentially due to IoT, SaaS / IaaS, and personal device trends
• Threats: Continuous rise in sophistication of attackers combined with rapid iteration and evolution of attacker techniques and tools
• Detection: Efficacy of classical detection methods eroding
• User Behavior: No longer constrained to IT controlled places, apps or devices
Ability to Defend Getting More Complex
Advantages of Cisco’s Architectural Approach to Security
What Cisco Has…
IntegratedArchitecture
Best ofBreed
toDays
Industry Average TTD
100Hours3
Advantage: Time to Detect
Advantage: Talos
Endpoint CloudNetwork
Threat Intelligence -
Cisco Security Architecture –Security that works together
Services
Threat intelligence -
NGFW
ISE
DNA Center
AnyConnect
AMP
Umbrella
Cloudlock
Stealthwatch Cloud
Endpoint CloudNetwork
Cisco Umbrella
20BRKSEC-1980
How IT was Built
Workplace desktops
Business apps
Critical infrastructure
Internet
Business appsSalesforce, Office 365,
G Suite, etc.
Branch office
Critical infrastructureAmazon, Rackspace, Windows Azure, etc.
Roaming laptops
Workplace desktops
Business apps
Critical infrastructure
InternetThe way we work has changed
21
Protect anywhere users connectMalwareC2 CallbacksPhishing
HQ
Sandbox
NGFW
Proxy
Netflow
AV AV
BRANCH
Router/UTM
AV AV
ROAMING
AV
First lineNetwork and endpoint
Network and endpoint
Endpoint
Cisco Umbrella
Safe access anywhere users go, even off VPN
First line of defense and inspection
Secure onramp to the cloud
23BRKSEC-1980
Umbrella is unique
Emphasis is on Security
Productivity is enhanced by protecting users wherever they go
No Need to Proxy Everything
Proxying everything adds latency
Easy to Deploy & Manage
Leveraging DNS for easy deployment
Intelligent proxyDeeper inspection
Umbrella - Built into the foundation of the internet
SafeOriginal destinations
Security controls§ DNS and IP enforcement
§ Risky domain inspection through proxy
§ SSL decryption available
BlockedModified destination
Internet trafficOn and off-network
DestinationsOriginal destination or block page
Umbrella’s Visibility
125Brequests per day
15Kenterprise customers
90Mdaily active
users
160+countries worldwide
26BRKSEC-1980
Visibility with Simplicity
Overview page: Focus on recent security activity or deployment issues
Destination & identity reports: Quickly pivot for more details
Security & activity search: Surfaces even more data (DNS, IP, proxy) with easy filtering options
Where do I sell Umbrella? Use cases
Use case: roaming workforce, off-network protectionChallenge§ Roaming laptops getting infected off network§ Users going straight to cloud, without VPN
How Umbrella helps§ Protects users even when not using VPN and integrates
with AnyConnect
Customer response§ “The Umbrella roaming client [w/ AnyConnect integration] has significantly reduced
malware, and gives us the power to enforce security compliance off-network and not on the VPN.”
AMP for Endpoints Continuous Analysis and Retrospective Security
Across all control points
To answer the questions that matter…
Take advantage of key capabilities
Web
WWW
EndpointsEmail Network
â
Mobile
Track it’s rate of progression and how it spread
See what it is doingIdentify a threat’s point of origin
See where it's been Surgically targetand remediate
If Something Gets in, Retrospective Security Helps You Find Answers to the Most PressingSecurity Questions
What happened?Where did the malware come from?Where has the malware been?What is it doing?How do we stop it?
See AMP in Action!
The AMP Everywhere ArchitectureAMP Protection Across the Extended Network for an Integrated Threat Defense
AMPThreat Intelligence
Cloud
Windows OS Android Mobile Virtual MAC OSCentOS, Red Hat Linux for servers and datacenters
AMP on Web and Email Security AppliancesAMP on Cisco® NGFW
Firewalls
AMP Private Cloud Virtual Appliance
AMP for Networks (AMP on Firepower NGIPS
Appliance bundle)
AMP on Cloud Web Security and Hosted Email
CWS/CTA
Threat GridMalware Analysis + Threat
Intelligence Engine
AMP on ISR with Firepower Services
AMP for Endpoints
AMP for Endpoints
Remote Endpoints
AMP for Endpoints can be launched from AnyConnect
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco and Apple securing managed Corporate Devices
AMP for Endpoint dashboard
Meraki SMMDM Solution
Umbrella app extension
Clarityapp extension
Umbrelladashboard
Systems Manager Enterprise1 License per Device
Cisco Security Connector AppNo license for the app itself
(No cost – deployed by MDM)
Cisco Umbrella1 License per User
AMP for Endpoint (Clarity)1 License per Device
Pushes CSC app to iOS supervised devices
Features enabled byCisco Umbrella license
Features enabled byAMP for Endpoint license
AND/OR
MDM Solution
App Extensions
Partner POV & Assessments
What PPOV can do for you
With PPoV, you can easily:§ Provision 21-day customer trials
§ Track multiple customer trials from an easy-to-use cloud-based console
§ Extend trials for another 21 days
§ Request access to customer’s trial § Produce reports to show blocked attacks
Which leads to:More closed deals!
How can you get access to the PPOV console?
Option 2
Required: Fire Jumper Stage 4 or higher for cloud, web, and email security Find Fire Jumper resources here.
Recommended: PPoV training videoWatch here:http://cisco.com/go/ciscoumbrella#enablement
Option 1
Required: SE Training + COLT exam Watch all of the SE Pre-Sales Training videos here: http://cisco.com/go/ciscoumbrella#enablementand complete the posted exam.
Recommended: Umbrella deployment lab1. Login to dcloud.cisco.com2. Use Catalog to find Umbrella Lab or Search
for “Umbrella lab”3. Use instructions in the associated guide
to start the lab
Start WithMeraki
SecureNetwork
ADD Services Meraki ServicesSmartNet
Finance with EASY PAY
Customer Monthly Billing Partner Managed
Start with NGFW
SecureNetwork
ADD Services FTD Service (TMC 3Y)SmartNet
Finance with EASY PAY
Customer Monthly BillingPartner Managed
Firepower NGFW(FPR5506-FPR2110)
SECURITY – Simple IT (SUB250)
AMPCiscoAMP4EPAnyConnect
Meraki MX
Advantage: Architecture Helps Customers Save Money
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
• Compliance & reduced risk
• Improved FTE productivity (20%)
• Better threat detection• Easier implementation• Automation
SecuritySolution• 1-2branchLocationsor1MainHQ• CustomerlookingHybridSimplicity• 50+employees(50Nodes)• SmallITStaff– leveragesPartnerforITsupt• Employeesconnectingremotely- on/offVPN
Premise/Hybrid• NGFW5516-FTD-K9withFTDLicenses• UmbrellaProfessional(1Year)• AMPforEndpoint(1Year)• AnyConnectVPNandSmartNet
$9200(48%)
$8600(54%)
Standard
SecurityIgnite
OIP/FT
SecurityDynamicBundle
$8000(60%)
$10,000(40%)
VIP31
RECURING2%-5%onCLOUD
SECURITY
StandardPartnerPricing• $5700• $1495• $1980• $500AC+$500Smartnet• $10,000– est.PartnerBillofMaterials
FRONT-ENDDISCOUNT BACK- ENDVIPINCENTIVE
TOTALFrontandBackEnd
Upto+20%totalpartnerdiscount+
Recurring2%revenueonCLOUD
SECPIDs
PartnerMarginIncreasesoverstreetpriceoneverySECSolutionDeal
1
+5% +8% +14% +20%
PartnerMarginuptoX%whenDealReg,OIPVIPandSolutionDiscountsApplied
Cisco Advantages Summary
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
ü Close the Capabilities-Complexities Gap
ü Reduce time to detection
ü Reduce customer expense
ü TALOS – check out their Blog
VAULTWe built a training program designed to jumpstart your security practice from the ground up. Learn from our specially trained, Cisco-certified instructor in a hands-on lab format, as you configure and test devices and manage threats in a test environment. Plus, you’ll leave with definitive next steps on how to get certified and start selling Security.
UPCOMING CLASSESü April 17th at 1:00pm
ü May 8th at 1:00pm
ü May 22nd at 1pm
www.scansourcekbz.com/vault
www.scansourcekbz.com/vault
Partner Call to Action!!
Ransomware: A Real World Example
Umbrella blocks the requestNGFW blocks the connectionEmail Security w/AMP blocks the phishing email
AMP for Endpoint blocks the file
Umbrella blocks the request NGFW blocks the connection
Umbrella blocks the request to Encryption Key Infrastructure
Umbrella Next-Gen Firewall AMP EndpointEmail w/AMP
OR
Have a THREAT Detection Conversation….not a SECURITY Conversation• Did you know you can stop most Cyber Threats at the DNS layer?
(UMBRELLA conversation)• What is your last line of defense against an advanced attack? (AMP for
Endpoint conversation)• What is your protection against Phishing email attacks? (Cloud Email
with AMP conversation)• Do you have containment established for quick damage control if you
do detect a breach? (NaaE, AMP ThreatGrid, NGFW discussion)• How will your company respond to a ransomware attack? (IR Services
conversation)
For more info on ransomware, click here
1
More info on all Cisco Security Products: http://www.cisco.com/c/en/us/products/security/product-listing.html
Product AMP for Endpoints Umbrella
Price Estimate $60 per seat $40 - $80 per seat per year
What is it?
AMP (Advanced Malware Protection) is a cloud-managed endpoint security solution that provides the visibility, context and control to not only prevent cyber attacks, but also rapidly detect, contain, and remediate advanced threats if they evade front-line defenses and get inside
Cloud based security solution, protects on and off the network
New layer of security that has been ignored until recently (DNS)
Stops phishing, malware, and ransomware earlier
When to Position Sell to customers who want to protect end point devices -PCs, Macs, Linux, Mobile Devices
Sell to every customer – most customers don’t have any DNS Protection (greenfield – new layer of defense)
Customer Benefit
100% Security Effectiveness rating - the highest of all vendors tested
Only vendor to detect and block 100% of malware, exploits, and evasion techniques during testing
Fastest time to detection of all vendors tested
Minimizes time and op cost to contain and remediate
Helps prevent ransomware outbreaks – most outbreaks use DNS
Can be deployed enterprise-wide rapidly (from minutes to days)
Benefit to you Provides recurring revenue and helps sell other solutions (Threat Grid)
Provide recurring revenue – over 90% of deployments are renewed
Position Cisco Umbrella and AMP for End Points2
• Free 14-day trial of Umbrella, click here
• Free Eval of Cloud Email Security, click here
• Free 2 - 4 week trial of AMP for Endpoints, click here
Use Trials to get Customers Hooked!3
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Make Money!4
Go to Selling Security frequently for the latest offers
Register your Deals with Ignite!
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Training
Cisco Rewards: 2 Ways to Earn
\
Selling
https://communities.cisco.com/docs/DOC-72110
Resources
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
• Selling Security: http://www.cisco.com/c/en/us/products/security/partner.html• Cisco Rewards: http://www.cisco.com/c/en/us/partners/sell-integrate-
consult/incentives-promotions/rewards.html• Ransomware Defense for Dummies Book: http://b2me.cisco.com/LP=2388• Security Ignite: http://www.cisco.com/c/en/us/partners/sell-integrate-
consult/incentives-promotions/security-ignite.html• Ransomware Solution: www.cisco.com/go/ransomware• AMP: http://www.cisco.com/c/en/us/products/security/advanced-malware-
protection/index.html?stickynav=2• Umbrella: https://umbrella.cisco.com/• Email: http://www.cisco.com/c/en/us/products/security/email-
security/index.html?stickynav=2
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Thank you!
SPECIALIZED SUPPORTONBOARDING & ENABLEMENT
We offer options ranging from leasing to trade credit terms, so partners can optimize purchases and pursue sales
opportunities they're passionate about.
RESELLER FINANCIAL SERVICES
We have a fully certified team there to help with pre and post sale support, from everything to design review and
planning to being a demo resource for you.
PRE-SALES TECH/DESIGN SUPPORT
With a centrally-located warehouse near the Memphis, Tennessee, FedEx Hub, we maintain a shipping rate
accuracy of more than 99%. We also have a Custom Configuration Center to help build and pre-provision
hardware.. .
LOGISTICS
Each team is aligned with a Cisco territory and a dedicated contact in that territory who knows your day-to-day business, to ensure that you always get the precise level of support
DEDICATED SALES TEAM
We understand good things take time, but with our programs we will have prospects calling you. Whether it be through events, collateral or a demand gen campaign, we have the key to your growth.
MARKETING AND DEMAND GENERATION
Leverage our demo center to view demonstrations through the cloud or get the product you need to give your customers a hands-on experience.
DEMO
From early-stage project planning and assessment, to on-site engineering, project management, contract management, and tech support, ZCare Services are an end-to-end professional services solution across the lifecycle of your collab deployment.
ZCARE
A fully customized training program, taking you through Cisco's portfolio all the way through developing your
technical and sales expertise with trainings and test vouchers .
THANK YOULet us help you be successful and profitable with Cisco.
Chris BlackwellSecurity Business Development at ScanSource [email protected]