Download - Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

Transcript
Page 1: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

© 2009 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 1

Borderless Networks and PCI compliance

Philippe Roggeband - [email protected]

Emerging Markets Borderless Networks

Page 2: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

One year ago…

In what could be the biggest security incident in history, Heartland Payment Systems announced on Tuesday 20th of January that it was the victim of a data breach that possibly compromised more than 100 million accounts after malicious software was found in its payment processingsystem.

Page 3: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

Philippe Roggeband - [email protected]

Emerging Markets Borderless Networks team

Borderless Networks and PCI Compliance

Page 4: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

© 2009 Cisco Systems, Inc. All rights reserved. Cisco public

Cisco Expo

Bratislava 4© 2009 Cisco Systems, Inc. All rights reserved. Cisco publicD 4

Borderless Networks Security & PCI compliance

Agenda

Cisco’s approach to security

PCI Compliance overview

Cisco’s PCI Compliance solutions

Call to action

Page 5: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

© 2009 Cisco Systems, Inc. All rights reserved. Cisco public

Cisco Expo

Bratislava 5© 2009 Cisco Systems, Inc. All rights reserved. Cisco publicD 5

Cisco Architectural Approach

Security Policy

Borderless Networks

Collaboration Virtualization

Product Portfolio

DesktopVirtualizationMulti-Stream

Video

WAASWireless

Switching

Routing

Security

Page 6: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

© 2009 Cisco Systems, Inc. All rights reserved. Cisco public

Cisco Expo

Bratislava 6© 2009 Cisco Systems, Inc. All rights reserved. Cisco publicD 6

Anyone

Anywhere

Any Device

Any Resource

A Next Generation Architecture to Deliver the New Workspace Experience

BORDERLESS NETWORKS

The Transformation: The World Is Our New Workspace

Page 7: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

© 2009 Cisco Systems, Inc. All rights reserved. Cisco public

Cisco Expo

Bratislava 7© 2009 Cisco Systems, Inc. All rights reserved. Cisco publicD 7

Changing Environment; Shifting Borders

IT Consumerization

Device Border

Mobile Worker

Location Border

Video/Cloud

IaaS,SaaS

Application Border

External-FacingApps Internal

Apps

Page 8: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

© 2009 Cisco Systems, Inc. All rights reserved. Cisco public

Cisco Expo

Bratislava 8© 2009 Cisco Systems, Inc. All rights reserved. Cisco publicD 8

Securing Borderless Networks

Traditional Bordersare Blurred; Access

From Anywhere

Threats are Constantly Changing—Viruses and

Worms to Malwareto Botnet

Identity - Who Is Accessing the Network

and What TheyCan Do

How to Monitorand Enforce Global

Policies

Business Challenges

Where? What? Who? How?

Page 9: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

© 2009 Cisco Systems, Inc. All rights reserved. Cisco public

Cisco Expo

Bratislava 9© 2009 Cisco Systems, Inc. All rights reserved. Cisco publicD 9

Criminal Specialization Driving More

Sophisticated Attacks

The Evolving Security Threats

Web Ecosystem Becomes Number

one Threat Vector

Criminals Exploit Users Trust, Challenging

Traditional Security Solutions

Creative Methods (Business

Models) Used to Attract Victims

9

Page 10: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

© 2009 Cisco Systems, Inc. All rights reserved. Cisco public

Cisco Expo

Bratislava 10© 2009 Cisco Systems, Inc. All rights reserved. Cisco publicD 10

Building Secure Borderless Networks

Borderless Security Architecture

Network SecurityTrustedClient

Content Security

Appliance Hybrid HostedSecurity ModuleSoftware

Policy and Identity

Defend Extend Protect Comply

Cisco Security Intelligence Operations

Network Infrastructure

Page 11: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

© 2009 Cisco Systems, Inc. All rights reserved. Cisco public

Cisco Expo

Bratislava 11© 2009 Cisco Systems, Inc. All rights reserved. Cisco publicD 11

Cisco Security Product Portfolio

Network SecurityTrustedClient

Content Security

Cisco Security Intelligence Operations

AnyConnect VPN Client

ISR

FWSM

Network AdmissionControl

ACE Web App Firewall

IPS 4200

Cisco Virtual Off ice

Cisco Security Manager

Cisco SecureACS

IronPort Hosted Email Security

IronPort S-Series

IronPort C-Series

Cisco Secure MARS

ASA 5500

IronPort M-Series

Policy and Identity

Page 12: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

© 2009 Cisco Systems, Inc. All rights reserved. Cisco public

Cisco Expo

Bratislava 12© 2009 Cisco Systems, Inc. All rights reserved. Cisco publicD 1212

Cisco Security Intelligence OperationsPowering Cisco Security

SensorBase

700,000+ global sensors over four threat vectors

Historical library of 40,000 threats

500 third-party feeds, 100 news feeds,

open source, and vendor partnerships

Threat Operations Center

Automated tracking of over 200 parameters

SenderBase: categorizes and rates reputation

Global threat correlation

Advanced Protection

Automated rule and/or signature creation

Innovative virus outbreak filters

Fast Accurate Detection,Advanced Mitigations

Page 13: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

© 2009 Cisco Systems, Inc. All rights reserved. Cisco public

Cisco Expo

Bratislava 13© 2009 Cisco Systems, Inc. All rights reserved. Cisco publicD 13

Defend

Defend AgainstThreats

Protect

Protect Business Assets

Extend

Secure Enterprise Connectivity

Comply

Achieve Regulatory Compliance

Cisco Solution Examples

Threat Defense Secure Remote Workforce

Data LossPrevention

Solutionfor PCI

Secure Borderless Network

Securing the Borderless NetworkThrough Systems and Solutions

Page 14: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

© 2009 Cisco Systems, Inc. All rights reserved. Cisco public

Cisco Expo

Bratislava 14© 2009 Cisco Systems, Inc. All rights reserved. Cisco publicD 14

Overview of PCI standards

Page 15: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

© 2009 Cisco Systems, Inc. All rights reserved. Cisco public

Cisco Expo

Bratislava 15© 2009 Cisco Systems, Inc. All rights reserved. Cisco publicD 15

Who does what ?

The PCI SSC sets the PCI DSS Standard

Each card Brand has its own program for :

Compliance

Validation Levels

Enforcement

QSA – Qualified Security Assessor

Assess compliance with the PCI DSS

ASV – Approved Scanning Vendor

Validate adherence to the PCI DSS Scan requirements by performingvulnerability scans of Internet-facing environments of merchants and service providers

SAQ – Self Assessment Questionnaire

Validation tool for organizations that are not required to undergo an on-site assessment for PCI DSS compliance

Page 16: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

© 2009 Cisco Systems, Inc. All rights reserved. Cisco public

Cisco Expo

Bratislava 16© 2009 Cisco Systems, Inc. All rights reserved. Cisco publicD 16

Card brands websites

American Express:

www.americanexpress.com/datasecurity

Discover Financial Services:

www.discovernetwork.com/fraudsecurity/disc.html

JCB International:

www.jcb-global.com/english/pci/index.html

MasterCard Worldwide:

www.mastercard.com/sdp

Visa Inc:

www.visa.com/cisp

Page 17: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

© 2009 Cisco Systems, Inc. All rights reserved. Cisco public

Cisco Expo

Bratislava 17© 2009 Cisco Systems, Inc. All rights reserved. Cisco publicD 17

The Payment Card Industry (PCI) Data Security Standard

Build and Maintain a

Secure Network

Protect Cardholder Data

1. Install and maintain a firewall configuration to protect data

2. Do not use vendor-supplied defaults for system passwords and other security parameters

3. Protect stored data4. Encrypt transmission of cardholder data and

sensitive information across public networks

Maintain a Vulnerability Management

Program

5. Use and regularly update anti-virus software6. Develop and maintain secure systems and

applications

Implement Strong Access

Control Measures

7. Restrict access to data by business need-to-know

8. Assign a unique ID to each person with computer access

9. Restrict physical access to cardholder data

Regularly Monitor and Test

Networks

10. Track and monitor all access to network resources and cardholder data

11. Regularly test security systems and processes

Maintain an Information

Security Policy

12. Maintain a policy that addresses information security

Page 18: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

© 2009 Cisco Systems, Inc. All rights reserved. Cisco public

Cisco Expo

Bratislava 18© 2009 Cisco Systems, Inc. All rights reserved. Cisco publicD 18

PCI 1.2 Changes and ImpactNetwork Segmentation

Network Segmentation reduces PCI scope => reduces cost of audit => reduces cost to achieve PCI compliance

Network segmentation now needs to be proven effective

If ineffective, the segmentation does not apply, and the cardholder data environment is now expanded

Network segmentation with VLANs alone is no longer sufficient

Firewalls are necessary to segment wireless LANs out of the cardholder data environment

Page 19: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

© 2009 Cisco Systems, Inc. All rights reserved. Cisco public

Cisco Expo

Bratislava 19© 2009 Cisco Systems, Inc. All rights reserved. Cisco publicD 19

Scoping with Segmentation

Determine Scope

Can scope be reduced with segmentation?

AuditPerformed

Did assessorvalidate segmentation

effectiveness?

IN PLACENOT

IN PLACE

No

Entire network is in scope for PCI DSS review

Yes

Assessor documentssegmentation in place and

effective

Scope limited forPCI DSS review

Entire Network Is in Scope

POSServers

Branch

Server Access

Storage

Data Center

inventoryServers

Server Access

WANAccess

CORE

Headquarters

Warehouse

Wide AreaAccelerated

Network

Only Devices Passing Card Holder Data Is in Scope

POSServers

Branch

Server Access

Storage

Data Center

inventoryServers

Server Access

WANAccess

CORE

Headquarters

Warehouse

Wide AreaAccelerated

Network

Page 20: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

© 2009 Cisco Systems, Inc. All rights reserved. Cisco public

Cisco Expo

Bratislava 20© 2009 Cisco Systems, Inc. All rights reserved. Cisco publicD 20

PCI 1.2 Changes and Impact – QSA Audits

PCI Security Standards Council started QSA Quality Assurance Program in November 2008

QSAs (PCI Auditors) - more thorough due diligence during audit, need to provide more details in Report on Compliance (ROC)

Test compensating controls for effectiveness

Test network segmentation for effectiveness

Justify sample size selection

Page 21: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

© 2009 Cisco Systems, Inc. All rights reserved. Cisco public

Cisco Expo

Bratislava 21© 2009 Cisco Systems, Inc. All rights reserved. Cisco publicD 21

PCI 1.2 Major Areas - Wireless

Wireless deadlines – in the cardholder data environment (CDE)

No new WEP installations after 31 March 2009

Existing WEP deployments must be decommissioned by 30 June 2010

Written into the PCI DSS 1.2 standard

Wireless Guidelines & Recommendations Published

Guidelines map to existing PCI DSS 1.2 standard

Recommendations may go above & beyond existing standard (wIPS for example)

Anticipate (but not guarantee) most of the recommendations will be incorporated into the next PCI standard revision

Page 22: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

© 2009 Cisco Systems, Inc. All rights reserved. Cisco public

Cisco Expo

Bratislava 22© 2009 Cisco Systems, Inc. All rights reserved. Cisco publicD 22

Published Deadlines, Fines and Level Validation Changes

MasterCard Global PCI deadline is now Dec 31, 2010 for Level 1, 2, 3 Merchants and Service Providers

Level 1 & 2 merchants must use an external QSA for on-site audits. Level 2 merchants must also still complete and submit a PCI Self-Assessment Questionnaire

Service Provider (banks, payment processors) Tier 1 -transactions reduce from 1 Million transactions to 300,000 transactions

Fines for non-compliance (not breach) per calendar year

•Merchant Level 1 & 2, Service Providers - $25k, $50k, $100k, $200k consecutively

•Level 3 - $10k, $20k, $40k, $80k consecutively

Page 23: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

© 2009 Cisco Systems, Inc. All rights reserved. Cisco public

Cisco Expo

Bratislava 23© 2009 Cisco Systems, Inc. All rights reserved. Cisco publicD 23

MasterCard/VISA PCI Merchant Levels

Level 1 Merchants

Category Criteria

Level 2 Merchants

Level 4 Merchants

One million to six million transactions annually (all channels)

Less than 20,000 e-commerce transactions per annually and all other merchants processing up to one million Visa transactions annually

Requirement

Merchants processing over six million Visa/MC transactions annually (all channels) or global merchants identified as Level 1 by any card brand

Any merchant that has suffered a hack or an attack that resulted in an account data compromise

Level 3 Merchants

20,000 to one million e-commerce transactions annually

Annual on-site audit by Qualified Security Assessor (―QSA‖)

Quarterly network scan by Approved Scan Vendor (―ASV‖)

Attestation of Compliance Form

Annual on-site Audit by QSA

Annual Self-Assessment

Quarterly Network Scan by ASV

Annual SAQ recommended

Compliance validation requirements set by acquirer

Annual Self-Assessment (SAQ)

Quarterly Network Scan by ASV

Source: http://usa.visa.com/download/merchants/cisp-bulletin-visa-pci-dss-framework-111808.pdf

Page 24: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

© 2009 Cisco Systems, Inc. All rights reserved. Cisco public

Cisco Expo

Bratislava 24© 2009 Cisco Systems, Inc. All rights reserved. Cisco publicD 24

PCI Security Standards Council Board of Advisors – Cisco Member

Bank of America Exxon Mobil

Corporation

National Australia Bank

Banrisul S.A. First Data PayPal

Barclaycard Global Payments Inc Royal Bank of Scotland

Group

Chase Paymentech

Solutions Inc

JPMorgan Chase & Co Tesco Stores Ltd

Cisco Lufthansa Systems

Passenger Services

TSYS Acquiring

Solutions

Citrix Systems, Inc McDonald’s Corporation VeriFone

European Payments

Council

MICROS Systems, Inc Wal-Mart Stores, Inc

2- year commitment (May 2009 – April 2011)

Page 25: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

© 2009 Cisco Systems, Inc. All rights reserved. Cisco public

Cisco Expo

Bratislava 25© 2009 Cisco Systems, Inc. All rights reserved. Cisco publicD 25

ISR Series

IP Video

Email Security

ASA 5500

IPS 4200

NAC Appliance

Firewall

VPN

IPS

NAC

Video Monitor

Email Security

Cisco Security for PCI

Page 26: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

© 2009 Cisco Systems, Inc. All rights reserved. Cisco public

Cisco Expo

Bratislava 26© 2009 Cisco Systems, Inc. All rights reserved. Cisco publicD 26

Cisco Wireless Security for PCI

Mobility Services Engine802.11n Wireless Access

Points

Wireless LAN Controller

WPA/WPA2

Scan/monitor

wIPS

Device location

Device hardening

ISR Series with Wireless

Page 27: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

© 2009 Cisco Systems, Inc. All rights reserved. Cisco public

Cisco Expo

Bratislava 27© 2009 Cisco Systems, Inc. All rights reserved. Cisco publicD 27

Cisco Data Center for PCI

Storage

Virtualization

FW

VPN

IPS

MDS Storage

Encryption

Nexus & UCS

WAN Storage

Encryption

ASA 5500

IPS 4200

Page 28: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

© 2009 Cisco Systems, Inc. All rights reserved. Cisco public

Cisco Expo

Bratislava 28© 2009 Cisco Systems, Inc. All rights reserved. Cisco publicD 28

Cisco VLANs for PCI

ISR Series

802.11n Wireless Access

Points

Catalyst Switches

VLANs

Wireless VLANs

Page 29: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

© 2009 Cisco Systems, Inc. All rights reserved. Cisco public

Cisco Expo

Bratislava 29© 2009 Cisco Systems, Inc. All rights reserved. Cisco publicD 29

Cisco Management for PCI

ACS – Access Control System Cisco Security Manager

(Provisioning)

Wireless Control System

(Provisioning)

AAA

Rule based Access

Centralized Provisioning

Page 30: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

© 2009 Cisco Systems, Inc. All rights reserved. Cisco public

Cisco Expo

Bratislava 30© 2009 Cisco Systems, Inc. All rights reserved. Cisco publicD 30

Cisco Unified Customer Voice PortalSecurity for PCI

ASA 5500 ISR Series

Voice Self Service

Firewall

VPN

Application

Security

Catalyst Switches

Page 31: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

© 2009 Cisco Systems, Inc. All rights reserved. Cisco public

Cisco Expo

Bratislava 31© 2009 Cisco Systems, Inc. All rights reserved. Cisco publicD 31

Cisco Validated Design Includes:

Cisco PCI Validated Architectures

Recommended architectures for networks, payment data at rest, and data in-transit

Tested in a simulated retail enterprise

Configuration, monitoring, and authentication management systems

Architectural design guidance and audit review provided by PCI audit and remediation partners

PCI Audit Partner

Retail Solution Partners

Validated DesignSmall Retail Store

Page 32: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

© 2009 Cisco Systems, Inc. All rights reserved. Cisco public

Cisco Expo

Bratislava 32© 2009 Cisco Systems, Inc. All rights reserved. Cisco publicD 32

IdentitySecurity

Intelligence

IPS with Global

Correlation

Web

Security

Router

SecurityVPN

First to develop

and bring NAC

technology to

the market

Cisco TrustSec

delivers

security group

tagging for

RBAC

Simplifies

802.1x

deployments

with ―Open

Mode‖ and

―Flexible

Authentication‖

SenderBase®

Network the

world's first and

largest

reputation

database

SensorBase®

largest historical

vulnerability and

live network

security threat

feed

Virus Outbreak

Filters to detect

zero-day threats

First to

implement IPS

in modular

format in

switches/routers

First to use

global reputation

in threat analysis

Patented Risk

Rating system

Web Usage

Controls:

First to create

Dynamic

Vectoring and

Streaming

(DVS) for anti-

malware

defense

First to create

Dynamic

Content

Analysis (DCA)

to evaluate and

categorize web

content (even

hidden)

First to use

DTLS that

optimizes

connections for

latency-

sensitive traffic

First offer client

VPN on

Windows

Mobile Phones

First VPN

solution to

support the

iPhone

• Industry-leading

integration of

VPN, routing,

and QoS:

DMVPN, GET

VPN, SSL VPN,

and Easy VPN

• Embedded

security:

application

firewall, IPS,

and URL

filtering

• One-touch

lockdown and

security audit

Cisco Security Innovations

Page 33: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

© 2009 Cisco Systems, Inc. All rights reserved. Cisco public

Cisco Expo

Bratislava 33© 2009 Cisco Systems, Inc. All rights reserved. Cisco publicD 33

$100M spent on dynamic research and development

250 certifications, 1000s publications, 25 books authored, and 100 security patents

80+ PhDs, CCIEs, CISSPs, MSCEs

Merging Innovative Security Technology with More Than 25 Years of Networking Expertise to Redefine Network Security

Investment Market

Solution Threat Intelligence

Over 20 million security appliances and 100+ million clients deployed

#1 enterprise security revenue over $2B

#1 in network security appliances: firewall, email security, NAC, router security

Comprehensive solutions: Layer 2 to purpose-built proxies

Validated industry solutions: PCI, SAFE Data Center, UC

Flexible delivery options: Appliances, security modules, cloud

Threat operations team: 500 analysts, five global locations

Largest sensor network: Millions of sensors

Broadest data footprint: Network and application level

LEADERSHIP

Cisco Security Market Leadership

Page 34: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network

© 2009 Cisco Systems, Inc. All rights reserved. Cisco public

Cisco Expo

Bratislava 34© 2009 Cisco Systems, Inc. All rights reserved. Cisco publicD 34

ExpectGet

Save

MOREBorderless Network

From Your

Increase Productivity

Focus on Strategic IT

Superior Customer Experience

Optimize Costs

Single Point of Service

Page 35: Borderless Networks and PCI compliancepalo/Rozne/cisco-expo-2009/Presentation - DA… · Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network