Security Portfolio - Copia Original
• Analyze activity related to suspicious payloads
• Analyze network telemetry
• Detect and block threats in email messages
• Block access to known or suspected malicious web sites
(Figure labels: Threat processing centers; Threat intelligence partners)
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco’s Comprehensive Security Portfolio
Secure Firewall Threat Defense Secure Firewall Management Center Secure Access by Duo
Cisco’s Comprehensive Security Portfolio
World-class security controls
Secure Firewall Appliances
Supporting your choice of FTD or ASA software
Throughput (AVC+IPS, * as stated on the slide):
• FPR 1010: 880 Mbps*
• FPR 1120/40/50: 2.3-4.9 Gbps*
• FPR 2110/20/30/40: 2.6-10.4 Gbps*
• Stand-alone device: 10-45 Gbps*; 8 node cluster: up to 288 Gbps*
• Stand-alone device: 15.5-53 Gbps*; 16 node cluster: up to 680 Gbps*
• One module: 55-70 Gbps*; 16 node cluster: up to 950 Gbps*
• Features
• Remote Access and Clientless VPN
• EzVPN, IKEv2/L2TP, DTLS 1.2
• Site-to-Site VPN
• SSO with SAML, DAP
• Routing, CG NAT, QoS
What is Secure Firewall Threat Defense (FTD)?
Delivers nearly 100% efficacy on blocking malicious flows and guards the network against threats
• Key Benefits
• Tenant management separation
• Scale as you grow
• Impact analysis
• Prioritize administration
• Features
• Firewall
• Intrusion Prevention
• Integrated TLS Decryption
• VPN
• Cisco Threat Intelligence Director
• Malware Continuous Analysis with Retrospection
• QUIC Fingerprinting
Cisco’s Comprehensive Security Portfolio
Consistent policies and visibility
SecureX
Management Designed for the User
Flexibility of cloud or on-premises options
What is Firewall Management Center (FMC)?
On-premises, centralized management for multi-site deployments
• Key Benefits
• Manage across many sites
• Control access and set policies
• Investigate incidents
• Prioritize response
• Available in physical and virtual options
• Features
• Multi-domain management
• Role-based access control
• High availability
• APIs and pxGrid integration
• Policy & device management
• Endpoint
• Security intelligence
Cisco’s Comprehensive Security Portfolio
Consistent policies and visibility
XDR
Effective security depends on total visibility
(Figure: HQ, Branch, Cloud)
Secure Network Analytics
• Global threat intelligence (powered by Talos): intelligence of global threat campaigns mapped to local alarms for faster mitigation
• Multilayered machine learning: combination of supervised and unsupervised techniques to convict advanced threats with high fidelity
Cisco’s Comprehensive Security Portfolio
Integrated security portfolio
Secure Endpoint
Umbrella
Secure Email
Trusted Users • Trusted Devices • Every Application
Secure Any Corporate Application
• Microsoft Environments
• Cloud Applications
• Cloud Services
• Web Applications
Assess Mobile Device Posture without MDM
Cisco’s Comprehensive Security Portfolio
Integrated security portfolio
Secure Access by Duo
Secure Endpoint
Umbrella
Secure Email
Continuous analysis and retrospective security
• Identify a threat's point of origin
• Monitor and Detect
The multiple dimensions of prevention
Cloud-based reputation lookup: Secure Endpoint monitors file I/O operations (copies, moves, executions, etc.) on the endpoint and uses cloud-delivered verdicts to block malicious activity automatically, based on your policy settings. In addition to one-to-one lookups based on SHA256 hash, other engines look for malware-like characteristics. (Note that the "cloud" in this case can be either the public cloud, or an on-premise Cisco Secure Private Cloud appliance.)

Offline protection: For extra depth of coverage, as well as a level of protection in case cloud lookups are not available (endpoints running while disconnected from the Internet), the "offline" engine provides traditional signature-based antivirus protection as well.

Memory-based/fileless attacks: Many modern attack methods are specifically designed to evade classic file-based antimalware defenses. The Exploit Prevention engine is a memory-based defense that detects and prevents attempts to manipulate the memory space of legitimate running processes (e.g., injection attacks). Command-line visibility and Script Protection are designed to catch script-based or interactive attacks that evade typical defense methods.

Behavior-based detection: Several detection engines in Secure Endpoint are dedicated to identifying malicious behavior patterns. The Malicious Activity Prevention engine is focused on time-sensitive detection and blocking of ransomware-like activity, and the Behavior Protection Engine provides a flexible way to deliver patterns of attack behavior from the cloud to the endpoint to interdict a multi-step attack.

Network flow correlation: The Device Flow Correlation (DFC) engine looks for outbound network connections to IP addresses that are associated with malware or command-and-control activity, and also supports custom block and allow lists.
Cisco’s Comprehensive Security Portfolio
Integrated security portfolio
Secure Endpoint
Umbrella
Secure Email
Cisco Umbrella
• DNS-layer security
• Secure web gateway
• Cloud-delivered firewall (w/ IPS)
• Cloud access security broker
• Interactive threat intelligence
• Data loss prevention
• Cloud malware detection
• Remote browser isolation
• SecureX: integrated security platform
DNS-layer security
First line of secure internet defense
Umbrella SWG: multiple functions and aggregated reporting in one cloud console
(Figure: direct traffic to Internet/SaaS apps, e.g. O365)
Cisco’s Comprehensive Security Portfolio
Integrated security portfolio
Secure Endpoint
Umbrella
Secure Email
ISE Provides Zero Trust for the Workplace
(Figure: Enterprise Security, ISE, Cisco DNA Center)
Why Customers Buy ISE
• TACACS+ Device Administration: Migrating from Cisco Secure ACS or building a new Device Administration Policy Server, this allows for secure, identity-based access to the network devices.
• Secure Access: Allow wired, wireless, or VPN access to network resources based upon the identity of the user and/or endpoint. Use RADIUS with 802.1X, MAB, Easy Connect, or Passive ID.
• Guest Access: Differentiate between Corporate and Guest users and devices. Choose from Hotspot, Self-Registered Guest, and Sponsored Guest access options.
• Asset Visibility: Use the probes in ISE and Cisco network devices to classify endpoints and authorize them appropriately with Device Profiling. Automate access for many different IoT devices.
• Context Exchange: ISE pxGrid is an ecosystem that allows any application or vendor to integrate with ISE for endpoint identity and context to increase Network Visibility and facilitate automated Enforcement.
• Segmentation: Group-based Policy allows for segmentation of the network through the use of Scalable Group Tags (SGT) and Scalable Group ACLs (SGACL) instead of VLAN/ACL segmentation.
• Cisco SDA/DNAC: ISE integrates with DNA Center to automate the network fabric and enforces the policies throughout the entire network infrastructure using Software-Defined Access (SDA).
• BYOD: Allow employees to use their own devices to access network resources by registering their device and downloading certificates for authentication through a simple onboarding process.
• Threat Containment: Using a Threat Analysis tool, such as Cisco Cognitive Threat Analytics, to grade an endpoint's threat score and allow network access based upon the results.
Cisco’s Comprehensive Security Portfolio
Integrated security portfolio
Secure Endpoint
Umbrella
Cisco Identity Services Engine
Secure Email
Providing layers of defense
• Acceptance Controls: sender reputation, geo-location (Who? Where?)
• Anti-spam: What? How?
• DMARC, DKIM and SPF: Right IP? Signed? Aligned?
• Forged Email Detection: sender spoof
• Advanced Phishing Protection: local intel, identity trust
Reduce your exposure to the four main components of an email attack
• Sender
• Attachments
• URLs
• Email Content
Integrations
Continuous Inspection
Duo and Cisco Secure Endpoint work together to provide stronger access security
• Users use their devices to access an application
• Cisco Secure Endpoint running on the device detected malware
• Cisco Secure Endpoint notifies Duo about the infected device
• Duo blocks that device from accessing apps
Secure Network Analytics and network access integration
Secure Network Analytics integrates with ISE (via pxGrid) to get mitigation capabilities and apply different ANC policies to an endpoint.
Network Access services and classification, endpoint info shared by ISE: Device Id, Domain Id, Active, Start active time, Endpoint IP, Username, SGT Tag, Trustsec name, Last update time, InterfaceDevicePortId, InterfaceDeviceIp, Vlan, MAC address, Session ID
Secure Network Analytics visibility (info from ISE): Active, Username, Start active time, Last update time
(Figure: further integrations shown on the slide: Firewall & UTM, SIEM, Secure Email, Secure Web, Malware Analytics, Network security, Deep packet inspection, Premium content feeds; suspicious files are sent for analysis and an analysis report is returned)
An XDR is as good as its outcomes
How good are we at detecting attacks early? 1 Detect Sooner
Telemetry sources: Cloud, Network, Email, Amazon GuardDuty, Identity, Microsoft Defender For Endpoint, Firewall, Endpoint
Detection and enrichment: Raw Telemetry, Behavioral Analytics, Events, Anomaly Detection, Attack Chaining, Threat Intelligence, Incident Creation, Enrichment, Incident Prioritization, Device Context, Automatic Enrichment
Response: Guided Playbooks, User Triggered, Automated Workflows, Incident Triggered, Pivot Menu Actions, Scheduled, Solution Agnostic, Automation Rules, Rapid Containment
• Multi-vector telemetry ingest: network, cloud, endpoint, email, and more from Cisco and 3rd party
• Cross domain alert detections and attack chaining with automated incident prioritization and enrichment
• Automated or user triggered responses to block observables using any integrated technology
Detections
Behavioral analytics
• Endpoint NVM detections
• Anomaly detection through statistical learning
• Role-based analytics
• Data movement analytics
Cloud Alerts
• Alerts tailored to AWS, GCP and Azure
• Leverage native cloud security controls
• Detect security relevant configuration changes
• Assess your cloud security posture
Global Threat Alerts
• Machine learning based threat detection
• Intel gathered from across the Cisco ecosystem
• Detect threats within encrypted traffic without decrypting communication
Talos threat intel
• Malware classification
• Knowledge and correlation of global campaigns to local threats
• Threatening IP, URL, and domain detections