scansafe 2012
Post on 19-Oct-2014
© 2009 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialC97-567546-00 1
Cisco Content Security
Web Security Product Overviews
“Security is THE top issue for Cisco and many of the CIO’s in the industry.
We are now putting the power of the entire company behind it.
“This opens a big opportunity for Cisco and an opportunity for us to help our customers
and we will fund it that way.”
Source: Jan/Feb Birthday Chats http://wwwin.cisco.com/chambers/past_events.shtml#pastTabs=1
The Numbers Don’t Lie…
Gartner estimates 17% growth in the secure web market to around $1B in total revenue for 2011
· BlueCoat -> 9% decline in product revenue for FY2012, CEO’s stretch goal is to not have another decline in web security revenue this year
· Websense -> 2% decline in bookings in North America 1H 2011, CEO’s stated goal is to have double digit bookings growth in FY11 (hint: the stock tanked 10% after he re-affirmed that statement)
So how do you explain our two main competitors’ negative growth in such an attractive market? Cisco’s Web Security (WSA and ScanSafe) business grew 40% (again) this year to over $140M in FY11.
What a Difference a Year Makes…
2010 2011
Web: Enabling the Borderless Experience
[Diagram labels: Corporate Office; Branch Office; Home Office; Airport; Coffee Shop; Mobile User; Partners; Customers; Attackers; Applications and Data; World Wide Web]
HTTP Is the New TCP
Web Business Challenges
Acceptable Use Violations
Rising Malware Threats
Data Loss
Policy
Lack of Control over SaaS
Mobility: Multi-Dimensional Challenge
Location
Device
Application
More People, Working from More Places, Using More Devices, Accessing More Diverse Applications and Passing Sensitive Data
Acceptable Use Controls for Web 2.0
Cisco IronPort Web Usage Controls
Enforce Acceptable Use Policies
Reduce productivity loss
Reduce risk of legal liabilities
Control Web 2.0 traffic and web applications
Control bandwidth intensive streaming media traffic
Application Visibility and Control
Deep application control, e.g., IM, Facebook, WebEx
Bandwidth control for streaming media
Site content ratings
URL Filtering
URL database covering over 50M sites worldwide
Real-time on-box dynamic categorization for unknown URLs
Auto update every five minutes
Cisco Web Security Portfolio
Enabling a Business Class Web
Form Factor Choice
Cisco IronPort S-Series: High-performance, integrated Web security appliance
Automatic updates
Centralized management & reporting
ScanSafe: Proven multi-tenant cloud Web security platform
Global data center footprint
100% uptime track record
Hybrid Web Security (Future)
Protect from Malware
Enforce Acceptable Use
Enable Visibility & Control
Prevent Data Loss
Premise
Cloud
Positioning Guide for WSA and ScanSafe
WSA
Malware Protection (zero-day + signature scanning)
URL Filtering with Dynamic Categorization
Centralized Policy Management & Reporting
AnyConnect Secure Mobility
One or two egress points
Anti-cloud
Application Visibility & Control
Local caching and logging (integration with SIEM)
Integration with Enterprise DLP (Symantec Vontu, RSA Tablus)
Large number of egress points (branch locations going direct to internet)
General desire to move to the cloud / use other cloud services
Large mobile population – AnyConnect integration
Large ISR G2 deployment or refresh – ISR G2 integration
Reporting
Advanced Heuristics Enable Secure X
Global Email Traffic: 30%
New URLs Tracked per Day: 7B
Data Processed per Day: 500 GB
Parameters Tracked: 200
Email Rules per Day: 1M
Cisco IronPort Web Security Appliance
Industry Leading Secure Web Gateway
Control
Security
Acceptable Use Controls
Malware Protection
Data Security
SaaS Access Controls
Centralized Management and Reporting
Internet
Global Datacenter Footprint
ScanSafe Product Overview
Why SaaS?
SaaS offers lower TCO & improved security
Market Leadership
Customers
Awards
Partners
Case Study - General Electric
Vertical: Manufacturing
12th in Fortune Global 500
270K users worldwide
Challenges
· Hugely decentralized, non-standard network
· 64 Internet gateways
· 47 geographic regions
· 300+ incumbent proxy servers
Requirements
· Flexible deployment options
· Integration into global SSO
· Protection for more than 100K mobile users
Solution Overview
Content Control – Web 2.0
Web 2.0 blurs boundary between good and bad
Multiple Web sources on a single page
Social Networking
User generated content
URL filtering no longer effective
Either “over block” or “under block”
Especially for “short lived” websites such as proxy avoidance and illegal activities
Requires dynamic classification, search engine analysis & content control
However, true Web security requires real-time content analysis
Zero-hour Protection - Outbreak Intelligence
Outbreak Intelligence - The Results
Zeus Botnet / Luckysploit
Multiple injection attacks
[Chart axis: Percentage of malware blocks]
Gumblar
Roaming Web Security
Integrated with AnyConnect 3.0
Authenticates and directs your external client Web traffic to scanning infrastructure.
Numerous datacenters are located all over the world ensuring that your employees are never too far from our in-the-cloud scanning services.
SSL-encryption of all Web traffic flowing to datacenters improves security over public networks.
ScanSafe Deployment Methods
AnyConnect VPN
ISR G2
PIM – Passive Identity Management
Connector
Proxy Chain
ScanSafe Secure Mobility
[Diagram labels: AnyConnect Web Security; ScanSafe; Internet Traffic; VPN – Internal Traffic (optional)]
ISR Web Security with Cisco ScanSafe
Secure Local Internet Access
[Diagram labels: Internal Traffic; Cisco IOS Firewall; Cisco IOS IPS; POS; Local LAN; Guest Users; Wired Security Zone; Wireless Security Zone; Head Office; Internet]
PIM - Passive Identity Management
[Diagram labels: Client (x3); Active Directory Server; Firewall; ScanSafe; LoginScript: Set encrypted header; Encrypted Header (user granularity): xss--3-Plel6UC8EGJdNQiG-Mfq..]
Benefits
· Provides Active Directory user granularity and group policy enforcement
· Provides redundancy/fail over architecture via PAC
· No Connector software required
· Supports Dynamic IP registration via DDNS
· Proven at-scale in the enterprise
Functionality
· Deployed via log-in script
· Browser connects directly to datacenters
· No data is sent in the clear
· User granularity information contained in the HTTP/HTTPS header
Connector Deployment
[Diagram labels: Connector (Thin Agent; Any Windows Server; Tags Web Requests); Roaming Workers (Small Driver; Wi-Fi Protection); Scanning Towers (Processing; Policy; Intelligence)]
Active Directory: Flexible management & redundancy through GPO, PAC
Proxy Chain Deployment - BlueCoat
How it works
1. Client request is directed to Local Proxy
2. Authentication continues to be managed on Blue Coat via BCAAA and AD integration
3. External non-cached content requests are sent to ScanSafe tower via x-forwarded-for headers from Blue Coats
4. Content is served back via Local Proxy
Benefits
1. No user data is sent in the clear
2. Provides user granularity and group policy enforcement
3. Outbreak Intelligence and 2nd Commercial A/V Engine added
4. Provides redundancy/fail over architecture via PAC and proven at-scale in the enterprise
5. Reports delivered in seconds and over 80 attributes stored for every Web request
Assumption
1. BCAAA to be installed and configured within the Active Directory environment.
[Diagram labels: ScanSafe Tower; Internet; DMZ; BlueCoat; BCAAA; AD; flows numbered 1 to 4 as in "How it works"]
Cisco Confidential 40© 2011 Cisco and/or its affiliates. All rights reserved.
Cisco IronPort Email Security
Cisco Positioned in the Leaders Quadrant of Gartner, Inc.'s Secure Email Gateways Magic Quadrant
Magic Quadrant for Secure Email Gateways August 10, 2011. Peter Firstbrook, Eric Ouellet.
This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Cisco.
The Magic Quadrant is copyrighted 2011 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Multi-layered Inbound Protection
[Diagram: AsyncOS™ MTA Platform with Inbound and Outbound paths; layers shown: Reputation Filtering, Anti-Spam, Anti-Virus, Virus Outbreak Filters, Content Filter, DLP, Remediation, Encryption]
Cisco IronPort SenderBase
Breadth and Quality of Data Makes the Difference
· Global Volume Data: Over 100,000 organizations, email traffic, web traffic
· Message Composition Data: Message size, attachment volume, attachment types, URLs, host names
· Spam Traps: SpamCop, ISPs, customer contributions
· IP Blacklists & Whitelists: SpamCop, SpamHaus (SBL), NJABL, Bonded Sender
· Compromised Host Lists: SORBS, OPM, DSBL
· Web Site Composition Data: Downloaded files, linking URLs, threat heuristics
· Complaint Reports: Spam, phishing, virus reports
· Domain Blacklist & Safelists: Spamvertized URLs, phishing URLs, spyware sites
· Other Data: Fortune 1000, length of sending history, location, where the domain is hosted, how long has it been registered, how long has the site been up
Block 90% of Spam
Anti-Spam Architecture
Defense In-depth
Multi-layer Spam Defense
Cisco IronPort Anti-Spam
SenderBase Reputation Filtering
>99% Catch Rate
< 1 in 1 mil False Positives
Who? How?
What? Where?
Score
Anti-Spam Architecture
Defense In-depth
Multi-layer Virus Defense
Anti-Virus
Cisco IronPort Anti-Virus
Virus Outbreak Filters
Size 50 to 55KB
“Price” in the filename
Size 50 to 55KB zip (exe)
5015
Outbreak Filters
Dynamic Quarantine
Are the message attributes associated with an emerging botnet?
Has the target website changed since the email was received?
Can we detect more messages like this one?
Internet Inbox
Targeted Attack Filter
Email Security
Dynamic Quarantine
Cisco Security Intelligence Operations
Rule Sets
User Experience
Protection Beyond the Click
Link is clicked
Block malware payload via HTTP
Website is clean
Multi-layered Outbound Protection
[Diagram: AsyncOS™ MTA Platform with Inbound and Outbound paths; layers shown: Reputation Filtering, Anti-Spam, Anti-Virus, Virus Outbreak Filters, Content Filter, DLP, Remediation, Encryption]
Data Loss Prevention
Variety of Policies
We need to fax the following prescription information for Roger McMillan
FEXOFENANDINE (ALLEGRA) 180 MG TABLET
Dosage: Take 1 tablet by mouth daily
Prescribed by Dr. Joseph A. Kennedy, MD on 7/22/10
Please delivery to pharmacy stat.
==============================================
SSN: 331075839
Name: Roger McMillan
Medical Record: 06135443
Primary Care Provider: Blue Cross Blue Shield CA
Clinic: Stanford Hospital
Address: 177 Bovet Road, San Mateo, CA 94402
Data Loss Prevention
Full Contextual Analysis
Matches are found in close proximity
Accurate
Comprehensive
Integrated
jsmith@acme.com
Prescription for J Smith
Rule is matched multiple times to increase score
Proper name detection
Unique rule matches are met
SSN Numbers
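The contextual scoring idea on this slide (matches in close proximity, repeated matches raising the score, a minimum number of unique rule matches) sketched as an added Python example; it is not Cisco's code. The rule names, patterns, weights, window size and threshold are assumptions chosen for illustration, and the sample messages are constructed.

```python
import re

# Hypothetical rules: name -> (pattern, weight). Assumed values, not a vendor rule set.
RULES = {
    "ssn": (re.compile(r"\b\d{3}-?\d{2}-?\d{4}\b"), 40),
    "medical_record": (re.compile(r"(?i)\bmedical record:?\s*\d{6,10}\b"), 25),
    "rx_term": (re.compile(r"(?i)\b(?:prescription|dosage|tablet|\d+\s?mg)\b"), 10),
    "proper_name": (re.compile(
        r"\b(?:Dr\.|Name:)\s+[A-Z][a-z]+(?: [A-Z]\.)? [A-Z][A-Za-z]+"), 15),
}
PROXIMITY = 200     # characters; matches must cluster inside this window
MIN_UNIQUE = 3      # distinct rules that must fire inside one window
REPEAT_BONUS = 0.5  # every repeat of a rule adds half its weight...
MAX_REPEATS = 3     # ...for at most this many repeats
THRESHOLD = 90      # score at which the message is treated as a violation

def score_message(text):
    """Return (score, is_violation) for the best-scoring proximity window."""
    hits = sorted((m.start(), name) for name, (rx, _) in RULES.items()
                  for m in rx.finditer(text))
    best = 0.0
    for i, (start, _) in enumerate(hits):
        counts = {}
        for pos, name in hits[i:]:
            if pos - start > PROXIMITY:
                break
            counts[name] = counts.get(name, 0) + 1
        if len(counts) < MIN_UNIQUE:
            continue  # a lone 9-digit number or a stray keyword scores nothing
        total = sum(RULES[n][1] * (1 + REPEAT_BONUS * min(c - 1, MAX_REPEATS))
                    for n, c in counts.items())
        best = max(best, total)
    return best, best >= THRESHOLD

# Constructed sample messages (all values are fake).
PHI = ("Prescription for J Smith\n"
       "Dosage: take 1 tablet of 180 mg daily\n"
       "Prescribed by Dr. Jane Q. Example\n"
       "SSN: 000-12-3456\n"
       "Name: John Example\n"
       "Medical Record: 00000001\n")
BENIGN = ("Order 123456789 shipped. Tracking reference 987654321 "
          "will follow in a later email about your tablet.")

if __name__ == "__main__":
    for label, msg in (("PHI", PHI), ("BENIGN", BENIGN)):
        print(label, score_message(msg))
```

The benign message contains two nine-digit numbers and a keyword yet scores zero, because fewer than three distinct rules fire within one window.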
Identity-Based Secure Messaging
Integrated into the Network
Secure Forwarding
Confidential Email
Guaranteed Recall
Read Receipts
Email Recipient: Quick & Easy Access to Content
Secure Messaging: Easy for Receiver
1. Encrypted Message Arrives
2. One Click Extracts Message
3. Message is Available
4. Recipient can Reply with an Encrypted Message
Encryption Visibility and Control
Guaranteed Recall
Guaranteed Read Receipt
Guaranteed Expiration
Leadership with Choice
· On-Premises: Award-Winning Technology
· Cloud: Dedicated SaaS Instances
· Hybrid: Best of Both Worlds
· Managed: Fully Managed on Premises
Backed by Service Level Agreements
Thank you.