CSA Battle Card

Front

Whenever you hear…

Viruses and worms cause repeated outages, and emergency patching adds more disruption and expense. We would like to implement Quality of Service routing for apps like Softphone, but we don't trust the endpoints not to abuse QoS. I love the idea of IPS blocking attacks in the network, but think that we need more accurate signatures.

…think CSA
USSTI_Comm_Creating A Solution Roadmap © 2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

CSA (Back of the Card)
What It Does
• CSA protects desktops and servers against Zero-Day viruses, worms, spyware, etc. without requiring any updates
• "Trusted QoS" uses CSA to identify mission-critical or VoIP data flows, and NAC tells the routers it can trust the QoS marking because CSA is preventing unauthorized apps from "cheating"
• CSA sends endpoint information to IPS 6.0, increasing the signature "fidelity" and making the signature "Risk Rating" more effective

Protect

Detect

Respond

Value Proposition Key Points   

• Reduces "emergency patching", reducing patch-related downtime and man-hour expense
• Easy way to provide QoS services for mission-critical or voice apps, while preventing "cheating" by undesired apps (BitTorrent)
• Increases signature fidelity of IPS signatures, allowing more attack blocking in the network without false positives

Success Story Proof Points
• CSA stopped the Zotob worm at Westinghouse Electric: "In May, we saw a day-zero virus that was morphing twice a day. We were right on the forefront of the attack. We could see these things hitting, but they weren't bringing us down, because Cisco Security Agent was stopping them."
- Thomas Moser, Manager of Information Technology Services, Westinghouse Electric Company

CXO Objection
• "Are you saying I don't have to patch my systems?"
• "I can turn QoS on today in routers and switches."

Your Response
• You patch on your own schedule, and not in "fire drill" mode.
• CSA eliminates the need to understand the applications and ports used, reducing deployment and ops costs.
• Most mission-critical apps don't, and some others (BitTorrent) might. CSA ensures QoS is used when needed, and no other time.

• CSA Protects Siemens Energy and Automation: "There is a lag time between when we get an update from [the antivirus vendor] and when we can push it out. We have between eight and nine hundred employees who work mostly remotely and don't connect to our network very often. Keeping those people updated was a huge challenge."
- Kathy Taylor, information security officer, Siemens E&A
• Softphone already marks data packets with QoS

What is the closest link to CSA?

NAC/CCA

CSA protects the endpoint and NAC/CCA protects the network.