
Date post: 27-Aug-2018
Displace Check Point Playbook

Cisco Internal Use Only

All contents are Copyright © 1992–2006 Cisco Systems, Inc. All rights reserved. This document is Cisco Confidential information.

1. Introduction

This playbook will help you navigate through the process of displacing Check Point security solutions from your customers’ networks. Displacing Check Point and selling the Cisco Self-Defending Network will help you establish yourself as your customers’ vendor of choice for security. This will lead to increased account control, future revenue opportunities, and more satisfied customers.

2. Overall Process

The overall process of displacing Check Point follows these basic steps for each deal opportunity:

I. Gain executive and/or security operations support
II. Demonstrate Cisco’s Proof of Concept
III. Show reduced Total Cost of Ownership (TCO)
IV. Identify necessary services
   a. Conversion services
   b. Post-conversion staff augmentation
   c. Training

3. Uncovering Opportunities

The main sources of opportunities to displace Check Point are customers that you:

+ Are already aware of that have Check Point deployments
+ Identify in partnership with Cisco Account Managers, System Engineers (SEs), Security Product Sales Specialists (PSSs), and security Consulting System Engineers (CSEs)

4. Opportunity Evaluation

Opportunity “Sweet Spot”

From a big-picture perspective, the North American and European enterprise firewall/VPN markets are the “sweet spot” for Check Point displacements. Other opportunities exist, but this area represents the majority of opportunities.

This “sweet spot” assessment comes from a quick look at the trends in Check Point’s 2005 financial data. The enterprise segment accounted for approximately 75% of Check Point revenues; the commercial segment approximately 15%; and the service provider segment 10%. Asia-Pacific accounted for approximately 14% of Check Point revenues, with the remainder split nearly equally between the Americas and EMEA (primarily Europe). Finally, about 80% of Check Point business was firewall/IPSec VPN; 10% was from personal firewall (from their ZoneLabs business), and about 10% was from SSL VPN and IPS.

Trigger Events: Renewal and End-of-Sale

1) Every year, Check Point customers must pay as much as 30 to 40% of the list price of their Check Point products to Check Point to ensure they get the latest software updates.


By approaching customers several months before their software renewal is due, while the topic is fresh in customers’ minds, you will be able to clearly demonstrate your ability to ease the burden this causes customers.

Consider the following brief example that highlights the Cisco TCO advantage. This example is for an enterprise Check Point / Nokia firewall deployment (~ 40 gateways of varying sizes) with total annual renewal costs of US$250,000. For this environment, in order to replace Check Point with a corresponding Cisco environment, the TCO calculation can be summarized as follows:

| | Check Point | Cisco |
|---|---|---|
| Total CapEx | ~ $0 (already paid for!) | ~ $209,000 |
| Annual OpEx | $250,000 | ~ $45,300 |
| Three-year TCO | ~ $750,000 | ~ $344,900 |

For full calculation details of the example above, please see the business decision maker (BDM) and technical decision maker (TDM) presentations.

2) A second major trigger event is the end-of-sale and end-of-life of a number of Nokia IP-series products. Historically, these Nokia IP-series products have been the platforms of choice for Check Point deployments. Their end-of-sale opens up the opportunity to discuss migration to Cisco with these customers. Consult the Nokia Website for a list of specific platforms and their associated retirement dates:

https://support.nokia.com/home/static/productsSupported.htm#ipsecplat

Deal Size

The number of Check Point gateways being displaced is the primary measure of the potential deal size. Related to this is where the gateways are being used and how, as discussed in the next section.

Technology Deployment

This table provides a quick look at the Cisco products appropriate for displacing Check Point solutions, based on the security technology in use and the deployment location.

Deployment Locations

| Technologies | Central Site & Branch | Central Site only | Branch only |
|---|---|---|---|
| Firewall | Cisco Firewall Services Module (FWSM), Adaptive Security Appliance (ASA), Integrated Services Router (ISR), Cisco Security Manager (CSM), Cisco Security MARS | FWSM, ASA, ISR, CSM, MARS | ISR, ASA, CSM |
| Site-to-site VPN | Cisco VPN Shared Port Adapter (VPN SPA), Integrated Services Router (ISR), Adaptive Security Appliance, Cisco Security Manager (CSM), Cisco Security MARS | - | - |
| Remote Access VPN | Cisco VPN SPA, Adaptive Security Appliance (ASA), Cisco Security Manager (CSM) | VPN SPA, ASA, CSM | - |

5. Summary Sales Pitch

1. Cisco solutions have lower CapEx and OpEx, resulting in lower TCO

2. The Self-Defending Network differentiates Cisco as a single, strategic security vendor

3. Cisco security solutions offer best-in-class security

4. Cisco now offers advanced security management solutions (Cisco Security Manager, Cisco Security Monitoring, Analysis, and Response System [MARS])

5. Cisco maintenance and support are superior and easier to work with

6. Customers can leverage existing Cisco router and switch investments

6. Incentives

Customer incentives are provided in the form of trade-in credits on competitive gear through the Cisco Competitive Equipment Exchange program. Channel partner incentives include the Trade-In Accelerator Promotion (TAP) and Value Incentive Program (VIP).

7. Engagement

Once the customer decides to move forward with a Cisco deployment, one key element of the engagement will be to migrate the Check Point deployment and configuration to Cisco products. This process requires knowledge of both Cisco and Check Point solutions, and is not a one-to-one mapping. This expertise may exist within the customer, within your organization, with a Cisco Consulting Systems Engineer, or Cisco Advanced Services.

In addition to enlisting the expertise of personnel for the migration, several tools exist to assist in the migration:

1. The Cisco Security Conversion Tool (SCT), or Checkers, converts Check Point firewall configurations to Cisco configurations, and includes accommodations for Cisco Security Manager. In addition to the SCT, a video is available that walks through the SCT and shows a sample migration.

2. A migration best-practices guide provides “lessons learned” from past migrations, and can help in the conversion process.

8. Partner Training

To support partners that may be less familiar with Cisco Security Manager, a training road show for partners is presently underway. For details, see the Displace Check Point Web program portal on the Cisco Channel Partner Website, and refer to the “Partner Training” section.

Appendix 1

Questions to Help Build TCO Business Case

The following questions will help you discover the details necessary to build your TCO business case.

1. What hardware platform does the company use for its Check Point gateways?
   • When was it purchased and/or when is it due to be refreshed?
   • What is the annual maintenance cost for the hardware platform?

2. What type of Check Point gateway licenses does the customer have?
   • Unlimited?
   • If not “unlimited”, what is the user count?
   • Bandwidth requirements per gateway?
      • 150 Mbps/3000 connections per second (SOHO, remote offices)
      • 300 Mbps/6000 connections per second (small enterprise sites)
      • 450 Mbps/9000 connections per second (small to medium-sized enterprise sites)
      • 650 Mbps (large)/20,000 connections per second (medium-sized enterprise sites)
      • 1+ Gbps/28,000 connections per second (large enterprise sites, main gateways)
   • What is the annual software maintenance cost for the gateways?

3. How many Check Point SmartCenter management consoles does the customer have?
   • Are any deployed in high-availability configurations?
   • What is the annual software maintenance cost for these?

4. Do they own Check Point Provider-1?
   • If so, how many MLMs, MDSs, and CMAs do they have? (MLM is the Multi-Domain Log Module, MDS is the Multi Domain Server, and CMA is the Customer Management Add-On. These are all Provider-1 components)
   • What type of hardware does the Provider-1 gear run on?
   • What is the annual hardware and software maintenance for Provider-1?

5. Are they using SmartDefense (Check Point’s IPS-lite function)?
   • On which gateways?
   • What is the annual software maintenance cost for SmartDefense?

6. Are they using any VPN-1 edge appliances?
   • What size gateways (this is based on user count)?
   • What is the annual maintenance cost for these appliances?

Appendix 2

Cisco Proof-of-Concept (CPOC) Demonstrations

Demonstrating the Cisco solution that will displace the Check Point deployment is a key part of increasing your customer’s comfort level with the transition, and therefore in closing the deal. A Cisco Security DemoBox is a convenient, one-stop way to demonstrate the main components of a Cisco Self-Defending Network solution to your customers. Your Cisco sales or SE contacts can help you learn more about the Security DemoBox.

Products needed for Cisco Proof-of-Concept Demo

+ (2) Cisco integrated services routers running Cisco IOS Software Release 12.4.6.T (firewall, VPN, intrusion prevention system [IPS])
+ (1) Cisco ASA adaptive security appliance with Security Services Module (SSM); either IPS or content inspection
+ Cisco Security Manager
+ Cisco Security MARS-20
+ If available, from customer environment, partner, etc.
   • Check Point VPN-1 Pro Gateway and SmartCenter MC
   • SmartDashboard (the Check Point GUI client software used to connect to SmartCenter)

Following are some highlights of the key technologies and capabilities to show your customers.

+ Cisco Security Manager User Interface Overview:
   • Demo application inspection of protocols/services
   • Debug problems (query rule base for specific IP addresses, query Cisco Security MARS to see if traffic has been denied or allowed for a specific IP address)
   • Cisco Adaptive Security Device Manager (ASDM)/SDM using packet tracer or capture command
   • How to manage multiple firewalls - how does this compare to Check Point?
   • Cisco Security MARS: Logging interface overview for logging and policy lookups
   • How to configure high availability
   • How to configure both remote-access and site-to-site VPN; both managed VPNs and third-party VPN connections with a business partner
   • If using Check Point’s VPN-1 SecureClient, demo both IPsec and SSL capabilities of Cisco ASA appliances
   • Cisco Security Conversion Tool (SCT) demo: Show how SCT will convert Check Point rules into Cisco rules
      + SCT will speed up the transition of rules, objects, Network Address Translation (NAT) rules, IP addresses, and routing

+ Cisco ASA 5500 Series Adaptive Security Appliances
   • Show unified management via Cisco Security Manager and/or on-box management with Cisco ASDM.
   • Show SSM function (IPS and/or content inspection from Trend Micro)

+ Cisco Integrated Services Routers
   • Show unified management via Cisco Security Manager and/or on-box management with SDM
   • Show security K9-bundle features such as firewall, VPN, and IPS configuration as part of the Cisco Security Manager demo

+ Cisco Security MARS
   • Provide UI overview and show total MARS capabilities
   • Show them the logs: Firewall administrators “live and die” by the quality, accuracy, and real-time availability of the logs
   • Show how Cisco Security MARS integrates with the rest of their infrastructure (network and host IPS and IDS, antivirus, router/switch syslog, NetFlow, Windows and host events, etc.)
   • Show mitigation options

C96-372759-00 10/06