Road show chile 2010 v2

Notas del editor

• #7: We now have 2 main offices for Latin America - based in Sao Paulo (Brazil) and Buenos Aires (Argentina)The Brazilian operation that has merged with Logicalis, is now part of a holding company for the whole Latin American business. The operations in Argentina, Bolivia, Chile, Ecuador, Paraguay, Peru and Uruguay trade under the name of Logicalis (they have dropped the Softnet brand). In Brazil, the operation trades as PromonLogicalis.Logicalis is now the single largest independent network integrator for this region.
• #45: There is no question that the traditional corporate border is gone forever. In the past, applications, data centers and branch office networks were protected by perimeter devices such as firewalls and policy-based rule sets. The internet and attackers were outside the perimeter, although VPN and other technologies made it possible to grant controlled access for partners and customers. The perimeter was your line in the sand, where all your policies were set, and where your policy enforcement systems were located. Although it could be complex to manage this properly, this architecture was straightforward to understand and police. ------------------Cisco Promotion Points: Cisco Systems has about 350 partners with access through the perimeter. You can assume each partner has up to 350 partners of their own. Cisco had to move past the concept of the perimeter in order to secure its extranet.
• #46: However, the traditional network borders are disappearing. The way companies do enterprise computing and access information has changed, and will continue to change over the next five years. The two biggest architectural changes are mobility and cloud computing. A key driver behind mobility is the latest generation of smart phones, iPhones and handheld devices. These are internet-enabled, so they can access WebEx, Skype and YouTube. They may have VPN or other access into corporate applications. The mobile work force can now use laptops from home offices and coffee shops, as well as computers in airport kiosks. This is not just about email access – the mobile users and devices can now have the same capabilities as office systems. The browser and a vast number of powerful applets have radically expanded the things that can be accomplished remotely, and productivity is climbing. This productivity jump is a direct result of the connectivity and data sharing provided by the network. Yes, the device may have local data storage. Yes, there are security issues. But the huge increase in efficiency means that this genie is not going back in the bottle. More and more companies are spending time and energy around handheld computing. IT departments want to support new operating systems like Google Android, and are being asked to support platforms besides Windows. Cisco’s Borderless Network architecture provides security in this mobile, multi-platform, multi-vendor, multi-location environment. -------------------------------------------------------------------------------------------------------------------Cisco Promotion Points: Cisco helped build the internet backbone and corporate connectivity that makes data sharing possible.Microsoft is providing a new VPN technology in Windows, called Direct Access. While this competes against Cisco’s current and future VPN clients, Cisco supports Windows, Macs, BlackBerries, smart phones, iPhones and more, while Microsoft Direct Access supports Windows 7 only. Cisco shines in this heterogeneous environment.
• #47: The second big change is cloud computing. There are compelling reasons to move certain applications and services into the cloud. Cost savings and survivability are two main drivers, virtualization makes it easier to achieve and the network makes it transparent to users in any location. Typically the first wave of applications that we’ve seen move into the “cloud” included email. Email security is one of the apps that we’ve seen more of our customers, like you, having interest in.Another example is salesforce.com, a customer relationship management system. You can rent a Sun or Windows server for your own applications, and cut your management costs using Platform as a Service. Infrastructure as a Service could be a managed router environment, managed firewalls, or something else. These providers are specialists, and the savings from cloud computing can be substantial. But now you’ve got more users on more devices in more places in the network, and data residing in more places in the network. That’s a deadly combination for security. Consider what happens when your CFO uses a handheld to check your sales forecast at salesforce.com. That transaction, that connection never touches a firewall. It doesn’t touch a web proxy.
• #48: This is a diagram of the new, Borderless network environment we live in. Users, devices, cloud-based services and head-office resources are all accessible, but without traditional network perimeters. Cisco’s new architecture to secure this borderless network is able to restore the auditing, logging, access control, verification, malware policy and threat prevention. We’ve had to rethink how security is done, and how to accommodate this dramatic shift. We can help customers migrate to a protected network without borders, but this kind of security has to be “baked in” to the architecture and the products. Security as an afterthought is much less likely to restore the traditional levels of control. ----------------------------------------------------------------------------------Cisco Promotion Points: There is no single best practice for securing a Borderless Network – instead, Cisco’s new architecture is flexible and adaptable.
• #49: Cisco’s vision is around 4 pillarsFirst The borderless end zones – i.e. protecting the end user device from threats - whether it’s the smart phone, laptop, etc.Second is the Borderless Internet which is really the focus of this presentation. Central to this pillar is the cloud based as well as a unique “hybrid” deployment modelThe third pillar of the vision is the borderless data center where cisco’s vision is to provide security to the evolving data center. Aspects like inter-VM and intra-VM security are the areas where we are investigating.And finally the fourth pillar is that around policy. Our customers are telling us that regardless of the way information is accessed, they have to apply the same policies – whether it’s around access control, data security, acceptable use, etc.As you can see the cloud is the central to the strategy of Cisco’s SBN
• #50: Challenges in today’s IT are vast and diverse. IT budgets are flat or shrinking and these challenges are ever growing. This is driving the Enterprise toward hard requirements for firewall.These requirements include:A clear understanding of the threat environment which means a continuous update to software and security content to keep up with the latest threatsHigh performance platforms that are capable of keeping up with today’s traffic needs and allowing for growth as the threat environment evolvesFlexible deployment options to assure coverage of threats anywhere in the networkThat same flexibility of options applied to the new mobile teleworker and remote enviromentsSecurity applied to the latest voice and video communicationsAnd tying it all together with an operational model that make management effective and efficient
• #59: The CSIO piece that provides Cisco IronPort’s email security threat protection is Senderbase.It is the world’s first, largest and most thorough email & threat monitoring database. This chart illustrates some of the sources of senderbase information and the over 150 parameters we track in real time.- Global volume- Complaints, spamtraps- 3rd party blacklist and dynamic lists- Results of content filter scanning for spam and viruses- URLs with known risks of spamvertising, viruses, spyware- Website composition to look at suspicious payloads or known bad files- Domain registration information- Look at linking reputation of sites through hyperlinksBy having real time insight into this data we can see threats before anyone else in the industry and protect our customer base.Some of this information is available to the public at www.senderbase.org
• #60: At Cisco, we pioneered the whole conceptof reputation filtering that relied on the depth of email security data collected from a wide deployment sensor.However as the threat landscape has evolved, so have our techniques. The result is CSIO – Cisco Security Intelligence Operations – industry’s leading threat data base that gathers information from a wide variety of threat sources and converts them into dynamic rules to protect our customers in real time from new and evolving threats.The reason why CSIO is industry leading is because of the breadth and depth of threat information that we harness through it.By leveraging the rich security portfolio that Cisco has – comprised of both network security and content security offerings – we have effectively converted this broad deployment into – what we call sensors.These sensors send us anonymous threat data that gives us the vast visibility into the threat landscape. These sensors include web security sensors, email security sensors, IPS devices as well as firewall devices – providing threat information from various parts of the layers in the networking stack.To give you a sense of the breadth and depth of this sensor netwrok – we have visibility into 30% of the global email data base, we have more than 700,000+ devices on the network security side.
• #63: Lets shift gears from inbound email protection to outbound email controlCustomers today are faced with a number of different challenges Ensuring compliance with regulations like HIPAA, PCI, etcOr protecting trade secrets, confidential data, etcEmail is the primary vector of concern for organizations and hence it is important to discuss the variety of technologies that Cisco IronPort has for the email security infrastructure that help customers detect incidents and apply appropriate remediation to those incidents.That’s where the DLP and Encryption technologies from Cisco help. We are the industry’s first vendor that has a comprehensive DLP and Encryption solution available in the cloud only deployment model. This provides customers who’ve made the choice to move to the cloud a great solution to maintain regulatory compliance and adherence to company Acceptable Use Policies.The first step is one that allows customers to detect events.And on detecting events, the email security deployment can be configured to perform a number of different remediation options including encrypting the email, dropping the attachment, cc-ing to an HR/Legal inbox etc.
• #64: To explain how easy our secure messaging solution is, we will first show you how simple it is for the senders, then the receivers. The first is sending a message. The thing you want to convey here is that customers can instantly deploy PXE with a simple feature key, no additional management overhead. An email that is detected is as being required to have encryption would automatically be enrolled into the key management system, which is provided via Cisco registered envelope service hosted in the Cisco cloud. Then that message is pushed to the end-user and that end-user would retrieve the key from the Cisco registered envelope service and render that message in their browser. This provides for a host of center controls, because the fact that that message’s key is stored in host fashion. The sender can log-in to the registered envelope service and deal with tracking, secure, reply, recall and so on. And what makes this really powerful is the fact that we, meaning Cisco, never actually store that email message. All we are doing is storing the key, making it a high-performance, high-secure model for managing secure email.
• #72: HTTP is the New TCPOne can be reasonably sure that, no matter what the other firewall settings, Port 80 and Port 443 will be open. It’s the 24x7 path into and out of every enterprise.This is driven by business critical content and applications on the web. The secondary effect is that other applications, such as FTP, SOCKS, IM, P2P, and Video are also shifting to tunnel over HTTP to take advantage of the ubiquitous access.Result: HTTP now dominates at the enterprise edge, carrying numerous applications and types of information. In some cases, up to 90% of traffic traversing the enterprise edge is HTTP.This creates new security challenges for enterprise IT.ORFirst objective: establish the problem set and the concept of the Secure Web Gateway as the solution.Important to set this framework for the customer conversation: while we may not have the world’s best web proxy or the world’s best URL filtering, we do have the world’s best Secure Web Gateway. Establishing this framework helps qualify customer priorities vs our value prop, and helps position us for success relative to vendors focused on subsets of the problem space.Web has become the ubiquitous path into enterprises – and it’s overloaded with different applications and content that businesses want to handle differently.Saas applications like Saleforce and Netsuite; rich collaboration apps like WebEx; information discovery—researching prospects, learning about competitive products and market trends, or catching up on today’s news. The idea of locking down web access is unthinkable.And this has driven a second trend: taking advantage of that pipe in and out to tunnel apps over HTTP. A few years back, P2P apps like BitTorrent dominated Internet backbone traffic. Today that’s been replaced by HTTP-Video—the YouTube effect plus ubiquitous access. IM clients traversing the edge also tend to use HTTP more and more today, e.g. Yahoo releasing Yahoo Web Messenger. Legacy SOCKS applications transitioning to CONNECT.Result: HTTP now dominates at the enterprise edge, carrying numerous applications and types of information. In many ways, it has become the new TCP at the enterprise edge.
• #73: While the challenge has become multi-dimensional, the policy issues remain the same:There is a need to apply access controls to ensure the right people have access to the right parts of the network and applications.Acceptable Use controls for compliance and productivity, to ensure employees are using the web resources appropriately. Threat Protection to block all the bad stuff like malware, botnets, intrusions and spam from coming into the network.And finally data protection to ensure that confidential information is not getting out into the open or into wrong hands, either inadvertently or with a malicious intent.
• #75: Cisco IronPort Dynamic Vectoring and Streaming (DVS) engine
• #77: For maximum efficacy, a Secure Web Gateway needs to examine traffic at both the network layer and the application layer. Furthermore, a Web security appliance needs to combine signature based analysis as well as traffic based or "reputation" analysis to distinguish legitimate traffic from hostile spyware or malware. And it needs to deliver this without introducing any degradation in the end user browsing experience.The IronPort S-Series represents the next generation of Web technology, leveraging techniques developed for Web proxy caching but built from the ground up for security. Built on IronPort's proprietary AsyncOS operating system, the S-Series appliance offers extremely high performance scanning of Web content at both the network layer and the application layer using both signature and reputation based filtering. The IronPort S-Series Web Security Appliance is the industry’s first and only Web security appliance to combine traditional URL filtering, reputation filtering and multi-vendor anti-malware filtering on a single platform. This squarely addresses the growing challenges of both securing and controlling Web traffic while enjoying a low Total Cost of Ownership (TCO). Enterprise-class management and reporting tools deliver ease of administration, flexibility and control, and complete visibility into policy-related and threat-related activities.
• #90: Choice also takes the form of flexible deployment options leveraging the same market-leading email security technologyCustomers can now choose from hosted, hybrid hosted, managed appliances or self-managed appliances based on the form factor that they preferCisco can leverage our data center to host all or parts of the equipment, can out-task manage the devices on the customer premise, or divide the control between the cloud and customer premise.Regardless of the deployment option, customers retain co-managed access while maintaining a common policy, centralized reporting and consistent protection
• #91: Let’s look at the various deployment optionsFirst is dedicated hosted email securityHere the email security devices reside in the Cisco data center minimizing the customer’s data center requirementsThe dedicated nature of the service ensures that the customer’s sensitive data is not leaked and eliminates the “shared fate” risk of critical outagesThe customer can be assured of spam growth headroom with future capacity assurance. Meaning that Cisco will take the necessary steps to scale the infrastructure behind the seems to provide the highest level of service for the rated user count.DIAGRAM: In the diagram you can see that both the inbound and outbound filtering is done on the appliances hosted in the Cisco data center. After removing inbound spam and viruses, the clean email is passed to the customer.
• #92: Next, let’s look at the Hybrid Hosted email security offeringThis solution divides the control between the “cloud” and the customer premise. The inbound filtering is done in the Cisco cloud prior to the traffic entering the customer premise. Outbound control policies are applied on the customer premise where customers want to prevent the leakage of sensitive information or to encrypt the email traffic to ensure security and confidentialityNOTE: Emphasize what we are, best of both worlds. Scalability, consolidated reporting. First vendor to deliver – others make the claim but we are actually the first ones to pull it off.
• #93: And lastly, let’s look at managed email security which provides the highest level of out-taskingThe Cisco Remote Management Services provides vigilant 24x7 remote management and monitoring on behalf of the customerProvides a predictable cost model that the CFO will appreciate.Email continues to flow through the on-premise infrastructure where both inbound and outbound filtering is applied. Cisco RMS accesses the on-premise appliance via a VPN tunnel delivered by the dedicated VPN router