1 CISCO SAFE: VALIDATED SECURITY REFERENCE ARCHITECTURE What It Is Business Transformation Top Questions To Ask To Initiate The Sale Where It Fits KEY SAFE BENEFITS Changes conversation from point products to solutions Shortens time from planning to deployment Tested and validated architecture Detailed implementation guidance Integrated, collaborative defense-in-depth Supports new Cisco technologies Addresses real-world issues Provides full lifecycle services “We need help with moving from the concept of a systems-based security solution to actual design and implementation.” “We have a lot of separate security products, but no way to coordinate information or threat responses between them.” “We need better visibility into what is happening on our network.” “We need to make sure that our security strategy can meet the demands of the new ways we are doing business.” Cisco SAFE is a reference security architecture that provides prescriptive Cisco Validated Design guides that address the planning, design and deployment of security solutions for the unique requirements of the different places in the network, such as Campus, Internet edge, Branches, and Data Center. These blueprints also provide best practices guidance for securing critical data and transactions as they traverse the entire networked infrastructure. SAFE’s unique defense-in-depth approach blends security elements with the network infrastructure so that event and posture information is shared between devices to create greater visibility, and enhances threat control through responses coordinated under a common control strategy. Step-by-step network security design and implementation guidance shortens deployment Solutions-based approach focused on risk management rather than product placement Designed using the Cisco Security Control Framework to enable support by Cisco Lifecycle Security Services Layered security design helps prevent being overwhelmed by a large or unexpected attack Threat visibility and coordinated response reduces exposure and IT overhead Layered security + network architecture ensures business-critical services availability Modular design allows gradual improvement based on priority Delivers best practices and functions commonly required by regulations and standards 1.Do you have a security strategy that supports system- wide intelligence sharing and collaboration, or simply a collection of stand-alone security products? 2.Are your business processes well understood? Is your security strategy aligned with your business processes and strategy? 3.What business applications, services, and infrastructure changes are being deployed or may be deployed in the next several years? 4.Change the discussion from products to risk management: What are the risks associated with your specific business strategy, now and in the future? How do we reduce THOSE specific risks as much as possible? 5.What regulatory compliance mandates are required for your organization and what is the status on meeting them? Do you have a systems strategy to meet your security goals and maximize risk reduction. Worldwide Sales Enablement - QuickStart - Security Access the QuickStart for Security on Sales University or PEC for more resources.Sales University PEC

2 Top Customer ObjectionsThe Competition Security Control Framework Additional Resources Internal: External: Objection: “I don’t have the budget to completely overhaul my entire security infrastructure.” Answer: “SAFE is modular in design so you can prioritize improvements and focus on critical places in your network first.” Objection: “What do we do with our current deployment of non-Cisco security products.” Answer: “While SAFE designs can accommodate non-Cisco security products, it is critical that every component is reassessed in terms of its ability to support business objectives, increase threat visibility, exercise cross- network control, and minimize risk. Cisco services can provide a comprehensive assessment to help you prioritize changes.” Objection: “Isn’t there a risk with having all my security from a single vendor?” Answer: “SAFE’s defense-in-depth design combines layered best-of-breed security with powerful collaboration to provide maximum risk reduction.” Objection: “I don’t have the expertise to deploy something as comprehensive as SAFE.” Answer: “Cisco Lifecycle Security Services are available for every phase of SAFE implementation, from assessment and design, to deployment and management.” Legacy security competitors, such as CheckPoint and Symantec: Point products lack the ability to collaborate with other security devices or the network infrastructure. Because they are siloed in a single point in a network they provide limited threat visibility and control. Network security competitors, such as Juniper: Like point product vendors, devices such as Juniper’s NetScreen are still poorly integrated into the network, so they suffer from poor visibility and control. Furthermore, they often do not provide solutions for many critical business applications and services, such as virtualization or UC Cisco SAFE Strategy: Focused on solutions and risk management rather than products and features Fully tested and validated architecture based on best security practices that cover the entire network. Emphasizes collaboration between devices and PINS for increased visibility and control Designed to secure and enhance business- critical applications and services Maximizes customer value by providing design and deployment guidelines for Cisco platforms and capabilities. Worldwide Sales Enablement - QuickStart - Security Access the QuickStart for Security on Sales University or PEC for more resources.Sales University PEC CISCO SAFE: VALIDATED SECURITY REFERENCE ARCHITECTURE Data Center Campus WAN Edge Branch Internet Edge Ecomm- erce Cisco Virtual Office Virtual User Partner Sites Policy and Device Manage ment Security Solutions  PCI  DLP  Threat Control Network Devices  Routers  Servers  Switches Identify Monitor Correlate Harden Isolate Enforce VisibilityControl Secured Mobility, Unified Communications, Network Virtualization Network Foundation Protection Security Devices  VPNs  Monitoring  Admission Control  Intrusion Prevention  Firewall  Filtering Services The Cisco Security Framework provides a consistent policy deployment and enforcement strategy for the SAFE architecture to enhance visibility and control across each place in the network, and across the entire infrastructure Visibility: Identify and classify users, traffic, and devices Monitor and record events and behaviors Collect and correlate data from multiple sources Identify and detect anomalous traffic and threats Classify traffic to apply security controls Control: Harden network and endpoint devices Limit access and usage per user, application and device Protect against known and unknown threats Isolate users, systems, services, and applications Collaborative response to anomalous events Enforce access controls and security policies, and mitigate security events