Cisco App Firstsec Competitive
Competitive Landscape
App-first Security
© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Confidential. For Channel Partner and Internal use only. Not for public distribution.
Cisco cloud-native and application-first security solution
Stealthwatch Cloud, DUO Beyond, Tetration, AppDynamics
Cisco application-first security solution
Partners
Cisco Services
CWPP: Application segmentation and risk management
CSPM: Threat visibility and detection for private networks and public cloud
Zero Trust: Enable secure workforce access to stay compliant
APM: Application performance monitoring to reduce risk
Solutions
Stealthwatch Cloud, DUO Beyond, Tetration, AppDynamics
Acronyms
CWPP – Cloud Workload Protection Platform
"The future of most enterprise data centers is a hybrid, multicloud architecture. Require CWPP
offerings to protect physical machines, VMs, containers and serverless workloads — all from a
single console and managed from a single set of APIs, regardless of location."
Market Guide for Cloud Workload Protection Platforms, Neil MacDonald, Tom Croll 2020
Acronyms
IDaaS – Identity as a service
Gartner describes the difference between IAM Managed Service and IDaaS as follows: “IAM managed
services are distinct from identity as a service (IDaaS): managed services provide only
management and operation of customer-owned IAM software and infrastructure, while IDaaS
bundles the software and operation into a commoditized service that is provided on a subscription
basis.”
Competitive Landscape (App-First Security)
CWPP/Micro-segmentation
Zero Trust (IDaaS/Access)
CSPM
APM
Guardicore Workload Security
Differentiators
• Ability to block processes with their own firewall
Weaknesses
• Blacklist model (keeps only the known "bad" out)
Why Cisco?
• Tetration v Guardicore: Segmentation
• Guardicore does not enforce policy using native host firewall
  • Native firewalls are extensively tested by the OS vendor and used in production by numerous existing applications. Performance characteristics and functionality are well understood and easily verifiable
• Tetration does not require loading vendor code into Kernel
  • Tetration agent runs in user space, significantly reducing risk of kernel panics and system instability. Loading binary Kernel modules can introduce security risks, and may cause support issues with upstream Linux distributions. Agent qualification time may be increased, suffer compatibility issues or stronger pushback from app owners
• Tetration does not have nano segmentation at the Process level
  • We rely on process information to define segmentation policy, but do not rely on process to enforce policies. Policy discovery is key in our case.
• Tetration does not have process-based segmentation for dynamic port application
  • We do not rely on known process identity for dynamic ports. We derive port ranges through machine learning from ADM which is as effective and a more general solution
Why We Win
1. Tetration is better for large scale environments
2. Tetration is an allow list model, only lets in the known "good"
3. Keeping flows for a long time ensures policies are great
4. Automatic policy creation compared with more manual process
5. Customer installed base and local support from partners
Illumio Workload Security
Differentiators Weaknesses
Why Cisco?
SaaS and On-Prem
Tetration
• SaaS: Fully automatic and transparent
• On-premise: Redundant appliance configured as a hot-standby. Configure once automatic replication. Current RTO 4 hours. Enhancing to 15 minutes in future releases with automatic failover of agents.
Illumio
• SaaS: No viable production SaaS offering at scale.
• On-premise: Highly manual.
Marketing Overview
• Illumio calls itself an Adaptive Security Platform - security for application and workload by segmentation
• Illumio plays on the smaller end while Tetration is able to scale to operationalize segmentation for large numbers of workloads.
• Illumio cannot meet the needs for larger businesses
Why we win
1. Automation – Micro-segmentation is hard; we automatically recommend white-list policies to enforce across all workloads by mapping application dependencies with automated tagging.
2. Scale, visibility – Have more options to scale as you'd like
SaaS
VMware NSX-T
Differentiators
• First company to really market micro-segmentation with NSX, customers view them as a leader in the space often
• They offer a solution which is easy to implement in a virtualized environment, doesn’t require network changes
Weaknesses
• It takes the capabilities of 2 of their products (NSX and AppDefense) to compete with Tetration
• NSX-T is making progress towards multi-environment but it’s still early days. Customers need to be ready for Cloud Native Services
• AppDefense: Social assurance for Threat requires a large number of customers to make sense. We have been doing this through Talos for a long time. (They won't have as much social assurance data as Cisco has)
• AppDefense will only work in a VMW environment – no cloud, no bare metal
Why Cisco?
Top Differentiators & Weaknesses
Differentiators
• PAN acquired a slew of interesting companies like Twistlock which was already a leader in cloud workload protection to build out Prisma Cloud. Easy to deploy and manage
• Prisma cloud offers cloud-native protection for a wide range of workloads including serverless (covered by PureSec) and applications.
• Prisma cloud also offers compliance (via Redlock) integrated and as part of the basic sku. The compliance framework is very well put together mapping each policy to a standard based compliance rule.
• There is a compute edition available for on-prem workloads.
Weaknesses
• Prisma Cloud is not integrated with the rest of the PAN security solution. There is an external integration option with Cortex XDR for analytics but there is no correlation with events from other PAN products. It would be similar to any other integration like a Splunk.
• The on-prem compute edition is a standalone edition and does not correlate or integrate with the Prisma Cloud edition and does not share the policies either.
• The logging of Prisma Cloud is separate from the rest of the solution and so is suitable for cloud native customers but not large enterprises who have multi cloud hybrid deployments.
• Pricing is expensive
Why Cisco?
Why We Win
1. Tetration is better integrated with the rest of the Cisco security solution compared to Prisma Cloud which does
not integrate with the rest of the PAN portfolio. For example, SecureX orchestration could be used to enforce
policy across events correlated from Tetration, Stealthwatch cloud and Cisco NGFW (FTD) delivered through a
singular efficient workflow whereas Prisma Cloud has nothing to this effect. The same applies to visibility of
events ingested from across the breadth of the security portfolio.
2. Multi cloud and hybrid cloud deployments cannot be secured by Prisma Cloud vs Tetration which provides a
unified view of on-prem and cloud workloads and unified policy framework for all workloads irrespective of
where they reside.
3. When it comes to applications, Cisco Tetration offers App discovery, Application dependency mapping (ADM)
and app centric policy definition unlike Prisma Cloud which merely maps processes for analytics. The ADM
and app discovery also results in faster deploy and time to buy metrics for customers.
4. With Tetration, microsegmentation is a breeze and easily configurable. Tetration also uniquely positions itself
as a central component of the Cisco Zero Trust solution. Prisma cloud on the contrary would eventually cater
to the microsegmentation use case with its Aporeto acquisition but today, Aporeto is not part of Prisma Cloud
and it is not supported.
CSPM (Cloud Security Posture Module) Competitors
CSPM delivered features
Top Differentiators & Weaknesses
Differentiators
1. Feature rich with asset monitoring across all cloud workloads including containers, serverless, PCF etc.
2. Rich compliance policy framework with support for all major compliance standards
3. Integrated offering with Cloud Workload Protection capabilities (containers and serverless)
Weaknesses
1. Prisma Cloud Compliance (RedLock) is designed as a compliance tool, so threat detection and alerting is very limited.
3. Focus remains on (mis)configuration, not on actual breach detection
4. While the term “AI” is tossed around a lot, RedLock has a hard time explaining how they are actually able to detect threats using AI and behavioral analytics
5. Very limited context around alerts and detections; investigations are limited to surface information
Why Cisco?
Why We Win
1. Stealthwatch Cloud is better integrated with the rest of the Cisco security solution compared to Prisma Cloud
which does not integrate with the rest of the PAN portfolio. In particular, SWC logs and Cisco Security
analytics and logging (SAL) logs reside in the same data lake and the outcome from this unified data set
provides far better and informed analytics as compared to siloed cloud native only offering.
2. Stealthwatch cloud is a Network Performance monitoring and Analytics tool which has superior threat
detection and alerting capabilities when compared to Redlock (Prisma Cloud CSPM) built only on certifications
and compliance. When integrated with a compliance offering and CWPP (Tetration), the Security benefits
brought to the customer far outweigh the threat intelligence that Prisma Cloud could offer.
3. Multi cloud and hybrid cloud deployments cannot be secured by Prisma Cloud vs Tetration which provides a
unified view of on-prem and cloud workloads and unified policy framework for all workloads irrespective of
where they reside.
Top Differentiators & Weaknesses
Differentiators Weaknesses
Why Cisco?
Why We Win
1. The AWS offering is not a true CSPM but multiple features delivered via individual services and the customer
needs to pay for each service usage. The parts of this would be AWS Guard Duty + AWS Config + AWS KMS
+ AWS Security Hub.
2. Usage based metrics and accounting are cumbersome.
3. No advanced threat detection unlike Cisco.
4. Limited to the AWS Cloud DC/tenant. Does not cater to multi cloud use case.
5. No AWS native workload protection offering for unified visibility and seamless security analytics.
Zero Trust Competitors
Cisco DUO vs Microsoft
Cisco Microsoft
DUO vs Okta Summary
OKTA is an IDaaS (Identity as a service) offering. Shown below are a few differentiators of DUO vs an IDaaS offering
Duo Feature Differentiators
Duo MFA
• 90%+ adoption rate
• Easy to use and administer
APM (Application Performance Monitoring) Competitors
New Relic APM
Differentiators
• Price: NR can be less expensive and is willing to sacrifice margin for Enterprise business. Ensure that you focus the conversation around value and product capability to differentiate us. Across the board, we show a higher ROI.
• Ease of Installation: New Relic seems easier to install. Limited configuration capabilities get customers up and running quickly - but at the price of not being able to adapt and customize the technology to specific business needs. To dodge this conversation, position licenses on SaaS and ensure that your SE has done a dry-run of the installation prior to running the POV.
Weaknesses
• Analytics: New Relic has limited analytics capabilities and requires code changes to utilize it in a business context.
• APM: New Relic doesn’t provide auto-instrumentation of custom code, which limits the customer’s ability to have direct code-level visibility without significant developer effort through initial monitoring into ongoing maintenance.
• Browser RUM: New Relic randomly samples and has no intelligent baselining, leaving your ability to identify issues to random chance.
• Mobile RUM: New Relic has no screenshots and only partial data capture.
• Synthetics: New Relic does not have low-bandwidth simulation, where most problems occur.
• Security: No at-rest data encryption (unless using their AWS government solution), and lacking the ability to scope RBAC by application under one account.
Why Cisco?
Business: Risky Business
• New Relic spent two years targeting large enterprise, with limited success, while their Account rolls actually fell in FY2019. The average recurring revenue per account stood at $36,500 (Q3 2020).
• In the first 9 months since the introduction of their “Platform for the Next Decade”, New Relic One, New Relic’s stock dropped well over 40%.
• New Relic is carrying significant and growing, long-term debt. This level of indebtedness may require them to prioritize debt maintenance over further investment in their product.
• Companies like Datadog and Instana are actively targeting New Relic’s historic sweet spot, the SMB market.
Technical: We competitively outperform against New Relic (NR) feature-by-feature in the following areas:
• Analytics: New Relic has limited analytics capabilities and requires code changes to utilize it in a business context.
• APM: New Relic doesn’t provide auto-instrumentation of custom code, which limits the customer’s ability to have direct code-level visibility without significant developer effort through initial monitoring into ongoing maintenance.
• Browser RUM: New Relic randomly samples and has no intelligent baselining, leaving your ability to identify issues to random chance.
• Mobile RUM: New Relic has no screenshots and only partial data capture.
• Synthetics: New Relic does not have low-bandwidth simulation, where most problems occur.
• Security: No at-rest data encryption (unless using their AWS government solution), and lacking the ability to scope RBAC by application under one account.
Datadog APM
Differentiators
• Cost: Datadog has a simpler licensing model and has a significantly cheaper upfront cost.
• Infrastructure: Because of their infrastructure-centric approach, Datadog has a strong alignment to Infrastructure and Tools Teams responsible for high-level monitoring of the systems.
Weaknesses
• Lack of transaction scoring reduces the support team’s ability to spot issues in specific transactions and measure their impact. There is no ability to customize transaction names or how transactions are detected without code changes.
• Actionable insights are not provided to drive the business or alert on critical business metrics (ex: flagging a mispriced item on an e-commerce site or contextualizing a spike in sales which has depleted inventory) and no ability to show business metrics in release comparisons.
• To instrument custom code (or unsupported frameworks), developers MUST add API calls to their code and redeploy their applications. The bigger and more complex the application, the more work developers are required to put into their Datadog deployment.
Why Cisco?
Business:
• Lack of enterprise focus. Well under 10% of Datadog’s customers have greater than $100k ARR. Datadog doesn’t have the same experience delivering at scale in the enterprise space.
• DIY solution. Nearly non-existent professional services organization, meaning it won’t be easy to execute on advanced use cases, or derive full value from the solution.
• Split focus. The vast majority of Datadog’s revenue is derived from its Infrastructure Monitoring and Log Management product lines.
• An unprofitable enterprise. Datadog continues to operate at a loss.
Technical:
1. Identify Risks: AppD can track, measure, and score 100% of transactions end to end. DD: Lack of transaction scoring reduces the support team’s ability to spot issues in specific transactions and measure their impact. There is no ability to customize transaction names or how transactions are detected without code changes.
2. BiQ is a competitive differentiator, Datadog has no true equivalent.
3. AppDynamics securely monitors, at scale, end to end. Datadog falls short. Datadog is an infrastructure-centric tool that takes a lot of manual effort to get minimal APM value. To instrument custom code (or unsupported frameworks), developers MUST add API calls to their code and redeploy their applications. The bigger and more complex the application, the more work developers are required to put into their Datadog deployment to get the basics you would have out of the box with AppDynamics.
Dynatrace APM
Differentiators
• Cost: DT has a simpler licensing model and can be less expensive upfront for some customers.
• Usability: Dynatrace is easier and faster to install, especially in a POV.
Weaknesses
• Troubleshooting: Dynatrace only baselines 3 metrics for alerting using a maximum of 7 days of data: every other metric (e.g., disk space, memory usage, CPU usage) requires setting and tuning a static threshold resulting in more time tuning, less time troubleshooting.
• Dynatrace provides pieces of the BiQ solution, but lacks critical features like Business Journeys or Experience Journey Maps, limiting their ability to understand the complete end to end journey of critical business processes.
• Scale: DT attempts to capture “all the data all the time,” but when a system is most under stress, visibility is decreased for both good and bad transactions alike to manage overhead.
• Dynatrace does not provide any detailed memory analysis tooling within their solution, so identifying and understanding memory leaks requires additional tooling that would not integrate with the APM solution.
Why Cisco?
Business: Potential Investment Risk
• As of this writing, Dynatrace has approximately $550M USD of debt that has a considerable number of restrictions associated with it, including limits (in the words of Dynatrace’s SEC filings) on “[Dynatrace’s ability to], make investments, including acquisitions” and “make capital expenditures.”
• This significant indebtedness and the accompanying covenants can restrict Dynatrace’s ability to enhance their product. This could, in the event of an economic downturn, pose a severe risk to the viability of the business.
Technical:
1. Identify Risks: AppD identifies risks sooner before they turn into issues that impact the business. Dynatrace baselines 3 metrics for alerting (response time, error, and load) over one week, causing customers to be reactive to potential IT issues (e.g., memory leaks) and unable to address them until they have already impacted users.
2. BiQ is a competitive differentiator, DT has no full equivalent. Provides pieces of the BiQ solution, but lacks critical features like Business Journeys or Experience Journey Maps, limiting their ability to understand the complete end to end journey of critical business processes.
3. AppDynamics securely monitors, at scale, end to end. Dynatrace falls short. DT attempts to capture “all the data all the time,” but when a system is most under stress, visibility is decreased for both good and bad transactions alike to manage overhead.