Lumension Data Security Partner Guide Revision: H2CY10


Using this Data Security Partner Guide


This document is for the reader who:

• Has read the Cisco Smart Business Architecture (SBA) for Government Large Agencies—Borderless Networks Design Overview and the Cisco Data Security Deployment Guide

• Wants to connect Borderless Networks to a Lumension data security endpoint solution

• Wants to gain a general understanding of the Lumension data security endpoint solution

• Has a level of understanding equivalent to a CCNA® certification

• Wants to prevent sensitive data, including intellectual property and customer data, from leaving the agency without protection

• Wants to solve data security compliance and regulatory problems

• Is mandated to implement data security policies

• Wants the assurance of a validated data security solution

Related Documents

Before reading this guide:

• Design Overview

• Internet Edge Deployment Guide

• Internet Edge Configuration Guide

• Data Security Deployment Guide

[Figure: document map showing the Lumension Data Security Partner Guide ("You are Here") among the Design Guides, Deployment Guides, and Supplemental Guides.]


ALL DESIGNS, SPECIFICATIONS, STATEMENTS, INFORMATION, AND RECOMMENDATIONS (COLLECTIVELY, "DESIGNS") IN THIS MANUAL ARE PRESENTED "AS IS," WITH ALL FAULTS. CISCO AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THE DESIGNS, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE DESIGNS ARE SUBJECT TO CHANGE WITHOUT NOTICE. USERS ARE SOLELY RESPONSIBLE FOR THEIR APPLICATION OF THE DESIGNS. THE DESIGNS DO NOT CONSTITUTE THE TECHNICAL OR OTHER PROFESSIONAL ADVICE OF CISCO, ITS SUPPLIERS OR PARTNERS. USERS SHOULD CONSULT THEIR OWN TECHNICAL ADVISORS BEFORE IMPLEMENTING THE DESIGNS. RESULTS MAY VARY DEPENDING ON FACTORS NOT TESTED BY CISCO.

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental. Cisco Unified Communications SRND (Based on Cisco Unified Communications Manager 7.x)

© 2010 Cisco Systems, Inc. All rights reserved.

Table of Contents

Overview of Cisco Borderless Networks

Agency Benefits

Lumension Device Control Deployment Overview

Summary

Appendix A: SBA for Large Agencies Document System


Overview of Cisco Borderless Networks

The Cisco SBA for Large Agencies—Borderless Networks offers partners and customers valuable network design and deployment best practices; helps agencies to deliver superior end-user experiences using switching, routing, security and wireless technologies; and includes comprehensive management capabilities for the entire system. Customers can use the guidance provided in the architecture and deployment guides to maximize the value of their Cisco network in a simple, fast, affordable, scalable and flexible manner.

Figure 1. Lumension Data Security Integrated into the SBA for Large Agencies—Borderless Networks

Modular design means that technologies can be added when the agency is ready to deploy them. Figure 1 shows how the Lumension data security solution integrates into the Borderless Networks architecture.

This guide is part of a comprehensive data security system designed to solve agencies’ operational problems, such as protecting intellectual property and sensitive customer information assets, and meeting compliance requirements. The guide focuses on Cisco’s partnership with Lumension to deliver affordable endpoint device control as a part of Cisco’s broader data security system.


Agency Benefits

Data is an agency’s lifeline and agencies have data stored everywhere. To enhance productivity, agencies allow employees and partners access to data from almost anywhere. In addition, many employees are working remotely, thus requiring access from outside the network. But the potential impact of data loss is a very real concern, be it accidental or malicious. And removable devices (such as USB flash drives) and media (such as DVDs/CDs) are among the most common data leakage routes, with no file copy limits, no encryption, no audit trails, and no central management.

Table 1. Lumension Device Control Overview

Capability: Centrally manages security policies for removable devices and media using a whitelist, default-deny policy approach

Benefit:

• Eliminates a major data leakage path through automated control of ports and removable storage

• Enables operational productivity while enhancing organizational security

• Reduces management and maintenance needs in an ever-changing IT environment

Capability: Enforces encryption policies when copying data to removable devices or media

Benefit:

• Protects valuable corporate and customer data

• Provides “safe harbor” protection in case of data exfiltration

Capability: Prevents malware intrusion via removable devices or media

Benefit:

• Adds a layer of protection to your network

• Reduces threat of self-replicating, self-propagating malware (such as Conficker)

Capability: Provides in-depth reporting and alerting, including syslog integration

Benefit:

• Offers forensics and reporting tools to demonstrate compliance with applicable laws

• Allows for real-time reaction to endpoint events

• Improves understanding of inter-related events

In fact, the problem of data leakage due to the accidental or sometimes malicious use of removable devices and/or removable media has reached alarming levels: over 85% of privacy and security professionals reported at least one breach and almost 64% reported multiple breaches that required notification.[1] The costs for recovery of data and lost business are rapidly rising as well, with the average per incident cost now estimated to be $6.75 million.[2]

Lumension Device Control enforces agency-wide usage policies for removable devices, removable media, and data, including read/write access rights and encryption enforcement. The product features are summarized in Table 1.

[1] Deloitte & Touche and Ponemon Institute, Enterprise@Risk: 2007 Privacy & Data Protection Survey, December 2007

[2] Ponemon Institute, 2009 Annual Study: Cost of a Data Breach, February 2010


Lumension Device Control Deployment Overview

Step 1: Installing Lumension Device Control on your network

Lumension Device Control supports controls on any ports and devices recognized by Windows, including all Plug-and-Play and user-defined devices. Table 2 lists the supported ports and devices:

Table 2. Lumension Device Support

Physical Interfaces / Wireless Interfaces / Device Types

• USB

• FireWire

• PCMCIA

• ATA/IDE

• SCSI

• LPT/Parallel

• COM/Serial

• PS/2

• WiFi

• Bluetooth

• IrDA

• Wireless NICs

• Removable Storage Devices

• External Hard Drives

• DVD/CD Drives

• Floppy Drives

• Tape Drives

• Printers

• Modems/Secondary Network Access Devices

• PDAs and other handhelds

• Imaging Devices (Scanners)

• Biometric Devices

• Windows Portable Devices

• Smart Card Readers

• PS/2 Keyboards

• User-Defined Devices

Successful installation requires you to install the following components:

1. Install the Database. Lumension Device Control uses Microsoft SQL Server 2005 (standard or Express editions) or Microsoft SQL Server 2008 (standard or Express editions).

2. Generate and save a public and private key pair. Lumension strongly recommends the use of a public-private key pair to provide the highest level of security.

3. Install the Application Server(s). Lumension Device Control is designed to use one or more Application Servers. Each of these acts as an intermediary between the endpoint client and the database, and distributes the list of devices and software permissions for every endpoint on your network.

4. Install the Management Console, which is used to configure Lumension Device Control and enables administrators to perform a range of day-to-day administrative tasks.

5. Install and deploy the endpoint client (SK), which is a low-level kernel driver that controls access to devices on the protected endpoint. The SK supports Microsoft XP Professional, Vista, Windows 7, Server 2003, Server 2008, Server 2008 R2, and many others, including virtual platforms.

Step 2: Setting up Lumension Device Control

Lumension Device Control grants device access by applying permissions rules to each device type, including floppy disk drives, CD and DVD drives, serial and parallel ports, USB devices, hot swappable and internal hard drives, and so on. Based on the Least Privilege Principle, access to any device is prohibited by default for all users. To grant access, the administrator associates users or user groups to specific devices or complete device classes. This approach is unlike traditional security solutions that use blacklists to specify devices that cannot be used.


Setting up Lumension Device Control requires you to perform the following tasks through the management GUI:

1. Discover: Identify all removable devices that connect to your endpoints using learning mode to collect information without disrupting operations.

2. Assess: Define rules at both global and machine-specific levels for groups and individual users to define device access by class, model or specific ID, and uniquely identify and authorize specific media. These permissions can be linked to user and user group information from Microsoft Active Directory or Novell eDirectory.

3. Implement: Enforce device and data usage policies, and centrally enforce the encryption of data being moved onto removable devices and/or media; apply these permissions to specific endpoints, ports, devices and users, or entire groups.

4. Monitor: Continuously monitor the effectiveness of device and data usage policies in real time and identify potential security threats by logging all device connections, recording all policy changes and administrator activities and tracking all file transfers by file name and content type. You can even keep a copy of every file that is transferred to or from a removable device using Lumension’s patented bi-directional shadowing technology.

5. Report: Create both standard and customized reports on all device and data activity showing allowed and blocked events, which can be saved into a repository, shared via email, or imported into third party applications. Detailed forensic reports and comprehensive auditing capabilities enable organizations to demonstrate compliance with government requirements (such as SOX, GLBA, HIPAA, HITECH, and others), industry regulations (such as NERC, PCI DSS and others) and their own internal security policies.

Reader Tip

Implement Lumension Device Control in “learning” mode first, and collect information on device usage in your network without blocking, until you have a good idea of who is using what and why. Be sure to collect information over a sufficient length of time, one which covers important periods of high activity, such as month-end close in the accounting department, or increased sales activity at the end of a quarter.

Reader Tip

Deploy any new enforcement policy in phases. Start small, then test, monitor and adjust. After things have stabilized, move on to the next phase.

Working with Cisco AnyConnect and RSA DLP Endpoint

Lumension Device Control works seamlessly with RSA data loss prevention (DLP) products and the Cisco AnyConnect client to provide policy-based control for sensitive data on removable media. A combination of RSA DLP Endpoint and Lumension Device Control policies allows agencies to control data in use. Through partnership with RSA, Lumension will use the robust classification technology and comprehensive policy libraries contained in the RSA DLP SDK to scan documents and compare them against RSA policies, and then restrict or encrypt the sensitive data based on user access and corporate policy. Cisco AnyConnect provides the secure transmission of data in motion from the endpoint.

This combination of Lumension Device Control with Cisco AnyConnect VPN and RSA DLP Endpoint allows agencies to effectively control sensitive data transferred to removable media, encrypt data on removable media, and secure delivery of data in motion.

Getting Value from Lumension Device Control

Lumension Device Control provides deep, granular control of all port, device, and media usage on your network. Some of the capabilities which can be incorporated into your security policy include:

• Per-Device Permissions: Use granular permissions to control access at device class (for example, all USB flash drives), device group, device model or even unique ID levels; for instance, restrict access rights to a specific device of an agency-approved model.

• Default-Deny Whitelist: Assign permissions for authorized removable devices, such as USB sticks, and media, such as DVDs or CDs, to individual users or user groups; by default, anything that is not explicitly authorized is denied.

• Read-Only Access: Define any device as read-only; other device permissions include write access, and encrypt/decrypt restrictions.


• 256-bit AES Encryption: Use central security policy to force 256-bit AES encryption of all removable devices and media across all endpoints on network; options include: centralized (by admin only) vs. decentralized (by end-user), and non-portable (network accessible only) vs. portable (accessible outside the network).

• Temporary/Scheduled Access: Grant users temporary access to removable devices and media, for a limited period. Also, limit device usage during specific time periods.

• Offline Enforcement: Permissions and restrictions remain effective even when the endpoint is offline; these can be the same as when the device is online, or different.

• Uniquely Identify and Authorize Specific Media: Authorize and manage DVD and CD collections by granting access to specific users or user groups and encrypting removable media with unique IDs.

• Context-Sensitive Permissions: Apply different permissions and restrictions depending on network connectivity status. For example, you can enable or disable wireless cards on laptops, depending on whether they are connected to a wired network or not.

• Offline Updates: Update permissions of remote endpoints that cannot establish a network connection. New permissions are saved to a file that is imported and installed onto the client computer.

• Device Management: Detect and manage all devices, including Plug-and-Play and non-standard devices, at the time they are inserted into the endpoint.

• File Type Filtering: Restrict and manage the types of files that can be moved to and from removable devices and media; combine with forced encryption for added protection.

• Data Copy Restriction: Restrict the daily amount of data copied to removable devices and media on a per-user basis; can also limit usage to specific time frames and days (for example, only during normal working hours on weekdays).

Generating Reports from Lumension Device Control

Lumension Device Control comes with integrated reporting. Reports can be customized and saved into a repository, shared via email, or imported into third party applications. Admins can log and create standard and customized reports on all device and data activity showing user permissions, for example. Figure 2 shows the report-generating interface.

Figure 2. Lumension Report Interface

Reports can show:

• Usage of ports, devices, and media across all endpoints

• All allowed or blocked events

• Policy changes and administrator activities

• File transfers by file name and content type


In addition, event, audit and diagnostic logs can be sent as syslog messages, allowing administrators to take advantage of existing infrastructure and integrated event management. This allows for event correlation with other system logs for centralized forensics, and adds more options for alerting and reporting.

Maintaining Lumension Device Control

Minimal maintenance is required for Lumension Device Control. The administrator can easily clean up old log files in the SQL database from the Management Console. In addition, all log entries can be easily managed and exported to comma-separated value (CSV) files, which can then be imported into third-party log analyzer tools.

Security policies also require occasional maintenance. As agencies monitor device usage and data flows over time, the list of allowed devices can be tightened, especially as new devices are introduced, as new people join and others leave, and agency needs evolve. Lumension’s whitelist-based policy approach allows new devices to be adjusted as the need arises.

Reader Tip

Start by creating as few generalized permission sets as possible. These should include as many high-level rules as possible, with as few exceptions as possible. Define rules at both Default (or Universal) and Machine-Specific levels for groups and individual users. The policy rules will grow more complicated over time, so start simply and add exceptions as needed.

Lumension Device Control in Action

As USB devices grow larger in capacity, smaller in size, and cheaper in cost, a key question for many agencies is: How do I control what removable devices employees can use at work?

The first step in answering this is to use Lumension Device Control’s learning mode to discover what devices are being used on your network. This can reveal a surprising number and variety of devices in use on the endpoints in your network. The devices are categorized based on how they register themselves with Windows, down to makes and models and even specific device IDs. Here are some examples of how this information can be applied:

• The Device Class level. You can assign read, read/write, or deny permissions to access a specific type of device (for example, all removable storage devices).

• The Device Group level. You can sub-classify devices, grouping them in coherent units and then adding specific permissions and rules to each device group (for example, all USB flash drives).

• The Device Model level. You can define a device model and apply permissions for it (for example, all SanDisk Cruzer Titanium 8GB flash drives).

• The device itself. You can manage the use of unique devices (for example, Fred’s Cruzer flash drive with serial number 1x23rty789).

The next step is to define permissions. Based on the data collected and your security policy, you can define permissions for the entire agency (global), for different groups (for example, you may want different permissions for the finance group and the sales group), or even for specific individuals (for example, the CEO might be afforded special rights). These permissions might include read/write access, forced encryption, or time-based access, and can be set for individual or groups of users, machines, ports and devices.
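The four device levels and the default-deny behaviour described above can be modelled in a few lines; this is an added illustration, not Lumension's code or its documented rule-resolution order. The precedence rule (narrower device scope wins, then machine-specific over global, then user over group, then deny on a tie), the rule fields, and the user, group and machine names are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional, Tuple

# Scope levels from the guide, least to most specific.
LEVELS = ("class", "group", "model", "device")

@dataclass(frozen=True)
class Device:
    dev_class: str
    group: str
    model: str
    serial: str

    def key(self, level: str) -> str:
        return {"class": self.dev_class, "group": self.group,
                "model": self.model, "device": self.serial}[level]

@dataclass(frozen=True)
class Rule:
    principal: str                 # user or user-group name
    level: str                     # one of LEVELS
    match: str                     # value compared at that level
    access: str                    # "read", "read-write" or "deny"
    encrypt: bool = False          # force encryption when writing
    hours: Optional[Tuple[time, time]] = None  # allowed window; None = always
    machine: Optional[str] = None  # None = global, else machine-specific

def evaluate(rules, user, groups, machine, dev, when):
    """Return (access, must_encrypt). No matching rule means deny."""
    principals = {user, *groups}
    best, best_rank = None, None
    for r in rules:
        if r.principal not in principals:
            continue
        if r.machine is not None and r.machine != machine:
            continue
        if dev.key(r.level) != r.match:
            continue
        if r.hours and not (r.hours[0] <= when.time() < r.hours[1]):
            continue
        # Assumed precedence: narrower device scope, then machine-specific,
        # then user over group, then deny on a tie.
        rank = (LEVELS.index(r.level), r.machine is not None,
                r.principal == user, r.access == "deny")
        if best_rank is None or rank > best_rank:
            best, best_rank = r, rank
    if best is None:
        return ("deny", False)          # default-deny: nothing authorized it
    return (best.access, best.encrypt and best.access == "read-write")

# Constructed sample policy; only the Cruzer model and serial are the guide's.
RULES = [
    Rule("staff", "class", "removable-storage", "read"),
    Rule("finance", "group", "usb-flash", "read-write", encrypt=True,
         hours=(time(8), time(18))),
    Rule("staff", "model", "SanDisk Cruzer Titanium 8GB", "deny",
         machine="KIOSK-01"),
    Rule("fred", "device", "1x23rty789", "read-write"),
]
FRED_CRUZER = Device("removable-storage", "usb-flash",
                     "SanDisk Cruzer Titanium 8GB", "1x23rty789")
OTHER_CRUZER = Device("removable-storage", "usb-flash",
                      "SanDisk Cruzer Titanium 8GB", "CONSTRUCTED-0001")
PRINTER = Device("printer", "usb-printer", "Generic", "CONSTRUCTED-0002")

if __name__ == "__main__":
    noon = datetime(2010, 6, 1, 12, 0)
    print(evaluate(RULES, "fred", {"staff"}, "PC-07", FRED_CRUZER, noon))
    print(evaluate(RULES, "alice", {"staff", "finance"}, "KIOSK-01",
                   OTHER_CRUZER, noon))
```

Writing the conflict-resolution order down like this before building permission sets makes it easier to predict which rule applies when a user belongs to several groups.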

After going through the education and activation phase, you will monitor device usage and data flows, and adapt your policies and procedures to accommodate the real-world needs of your end users without compromising security. You will want to publish periodic reports to audit compliance with internal security policy (and external regulation, if applicable), and to continue to understand the gap between where you are and where you want to be. This in turn should drive reassessments and updates of your overall security policy.

Products Verified with Cisco SBA

Lumension Endpoint Security V4.4 is validated across Cisco SBA with Cisco AnyConnect 2.5.0.217.


Summary

The trend towards greater mobility of workers is accelerating due to increased productivity, greater convenience, and reduced costs. With greater mobility comes the need for increased security and protection of data at all points in your network. Along with workforce mobility, agencies are facing a growing and rapidly evolving set of security challenges, including: IT outsourcing, cybercrime, Web 2.0, and data breaches.

Lumension provides operational endpoint management and security solutions that help protect your vital information and manage your critical risk across network and endpoint assets. Lumension delivers Vulnerability Management, Endpoint Protection, Data Protection, and Compliance and IT Risk Management Solution. Lumension Device Control enforces agency-wide policies for removable devices, removable media, and data such as read/write and encryption.

Future integration between Lumension Device Control and Cisco AnyConnect VPN will bring additional benefits to endpoint security including adaptive security policy settings where the client will adjust security automatically based on threat detection levels provided to the client through the VPN connection.

How to Contact Us

End Users

• Please contact Lumension, [email protected] for any questions.

• Submit an inquiry about Lumension and the Cisco Smart Business Architecture for Large Agencies—Borderless Networks.

Resellers

[email protected] for any questions.

• For more information on how to become a Lumension reseller, please visit the Partner Section of our website at www.lumension.com/partners.

For more information on the Lumension and Cisco Partnership, please visit the Cisco Resource Center.


Appendix A: SBA for Large Agencies Document System

[Figure: SBA for Large Agencies document map, with panels labelled Design Guides, Deployment Guides, Foundation Deployment Guides, Network Management Guides, and Supplemental Guides. The Lumension Data Security Partner Guide is marked "You are Here".]

Guides shown in the map:

• Design Overview

• IPv6 Addressing Guide

• LAN Deployment Guide

• LAN Configuration Guide

• WAN Deployment Guide

• WAN Configuration Guide

• Internet Edge Deployment Guide

• Internet Edge Configuration Guide

• SolarWinds Deployment Guide

• Wireless CleanAir Deployment Guide

• Data Security Deployment Guide

• Nexus 7000 Deployment Guide

• SIEM Deployment Guide

• ArcSight SIEM Partner Guide

• LogLogic SIEM Partner Guide

• nFx SIEM Partner Guide

• RSA SIEM Partner Guide

• Splunk SIEM Partner Guide

• CREDANT Data Security Partner Guide

• Lumension Data Security Partner Guide

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.

Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)

Americas Headquarters: Cisco Systems, Inc., San Jose, CA

Asia Pacific Headquarters: Cisco Systems (USA) Pte. Ltd., Singapore

Europe Headquarters: Cisco Systems International BV, Amsterdam, The Netherlands

C07-641095-00 02/11