cisco hybrid web security · cisco hybrid web security: manage all policies from a single location...
TRANSCRIPT
![Page 1: Cisco Hybrid Web Security · Cisco Hybrid Web Security: Manage all policies from a single location –the Cloud Gain visibility into web usage across devices and services HQ Branch](https://reader036.vdocuments.site/reader036/viewer/2022062921/5f031b127e708231d407901b/html5/thumbnails/1.jpg)
Martin Briand
Security Escalation VSE – Global Virtual Engineering
June 2016
Any Where, Any Device, Any Time –
Cisco Hybrid Web Security
![Page 2: Cisco Hybrid Web Security · Cisco Hybrid Web Security: Manage all policies from a single location –the Cloud Gain visibility into web usage across devices and services HQ Branch](https://reader036.vdocuments.site/reader036/viewer/2022062921/5f031b127e708231d407901b/html5/thumbnails/2.jpg)
Our Agenda
• Security Today:Trends and Disruptions
• Your Security Needs
• Cisco Hybrid Web Security
• Roadmaps
![Page 3: Cisco Hybrid Web Security · Cisco Hybrid Web Security: Manage all policies from a single location –the Cloud Gain visibility into web usage across devices and services HQ Branch](https://reader036.vdocuments.site/reader036/viewer/2022062921/5f031b127e708231d407901b/html5/thumbnails/3.jpg)
Better Security
Visibility
Securing the
Mobile Enterprise
Harden and Segment
the Network
Improve Results with
Security Services
Protect Against
Advanced Malware
Security as a
Network Driver
![Page 4: Cisco Hybrid Web Security · Cisco Hybrid Web Security: Manage all policies from a single location –the Cloud Gain visibility into web usage across devices and services HQ Branch](https://reader036.vdocuments.site/reader036/viewer/2022062921/5f031b127e708231d407901b/html5/thumbnails/4.jpg)
Our goal is to make security less complex by providing a best of breed portfolio that’s deeply integrated and delivers solutions that are superb individually, but vastly more powerful when used together.
Effective Security Is Delivered When The Pieces Work Together. Seamlessly.
![Page 5: Cisco Hybrid Web Security · Cisco Hybrid Web Security: Manage all policies from a single location –the Cloud Gain visibility into web usage across devices and services HQ Branch](https://reader036.vdocuments.site/reader036/viewer/2022062921/5f031b127e708231d407901b/html5/thumbnails/5.jpg)
Why Web Security?
82 Thousand Virus Blocks
181 Million Spyware Blocks
818 Million Web Blocks
Daily Web Breakdown
Daily
Yearly
19.7 Billion
7.2 Trillion
Total Threat Blocks
This is information gathered by Talos, Cisco’s Security Intelligence and Research Group
![Page 6: Cisco Hybrid Web Security · Cisco Hybrid Web Security: Manage all policies from a single location –the Cloud Gain visibility into web usage across devices and services HQ Branch](https://reader036.vdocuments.site/reader036/viewer/2022062921/5f031b127e708231d407901b/html5/thumbnails/6.jpg)
Web Security Is More Important ThanEver Before
The web is a popular
attack vector for criminals
Without proper control, your own
users can put your business
at risk
Increased cloud adoption
creates blind spots
![Page 7: Cisco Hybrid Web Security · Cisco Hybrid Web Security: Manage all policies from a single location –the Cloud Gain visibility into web usage across devices and services HQ Branch](https://reader036.vdocuments.site/reader036/viewer/2022062921/5f031b127e708231d407901b/html5/thumbnails/7.jpg)
Web Security Customer Requirements
https
Large amounts of
https traffic
Name
Password
OK Cancel
*******
Login_ID
Detailed web and
HR reporting
Corporate network
Proxy
Roaming user
Need for deep
inspection and control
including AVC
![Page 8: Cisco Hybrid Web Security · Cisco Hybrid Web Security: Manage all policies from a single location –the Cloud Gain visibility into web usage across devices and services HQ Branch](https://reader036.vdocuments.site/reader036/viewer/2022062921/5f031b127e708231d407901b/html5/thumbnails/8.jpg)
Web Security Deployment Choices & Tradeoffs:
On-premise Web Security Cloud Web Security
Ideal
Deployment
• Headquarters
• Remote Sites
• Locations without a Cloud Offering
• Mobile Users
• Locations with Cloud Offerings
Benefits • Increased Performance
• Localized manageability & control
• Lower CAPEX & OPEX
• Maintenance & Upgrade support
provided
Concerns • Cost
• Maintenance & Upgrades
• Regulations
• Bandwidth required to access cloud
Cisco’s
Solution
• Web Security Appliance (WSA)
• Web Security Virtual Appliance (vWSA)
• Security Management Appliance (SMA)
• Cloud Web Security (CWS)
![Page 9: Cisco Hybrid Web Security · Cisco Hybrid Web Security: Manage all policies from a single location –the Cloud Gain visibility into web usage across devices and services HQ Branch](https://reader036.vdocuments.site/reader036/viewer/2022062921/5f031b127e708231d407901b/html5/thumbnails/9.jpg)
Challenge: Web Security is Portable
Mobile Coffee shop Corporate Home Airport
![Page 10: Cisco Hybrid Web Security · Cisco Hybrid Web Security: Manage all policies from a single location –the Cloud Gain visibility into web usage across devices and services HQ Branch](https://reader036.vdocuments.site/reader036/viewer/2022062921/5f031b127e708231d407901b/html5/thumbnails/10.jpg)
Cisco’s Hybrid Web Security –Any Where / Any Device / Any Time
HQ
Remote
Office
Remote
OfficeWSA
WSA
WSA
Remote
Office
Remote
Office
![Page 11: Cisco Hybrid Web Security · Cisco Hybrid Web Security: Manage all policies from a single location –the Cloud Gain visibility into web usage across devices and services HQ Branch](https://reader036.vdocuments.site/reader036/viewer/2022062921/5f031b127e708231d407901b/html5/thumbnails/11.jpg)
Extending Protection Beyond the Network
WWW
WSA
HQ
Remote Sites
Roaming
UserVPN
WAN
Use
Case
1
Key Benefits
Save network
bandwidth
Improve user
experience
Defend against
malware
Protect your
investment
Use Case 2
Roaming
User
Use
Case
1
Roaming
User
Remote Sites
Use
Case 1
Roaming
User
Mobile
User
CWS
Browser
![Page 12: Cisco Hybrid Web Security · Cisco Hybrid Web Security: Manage all policies from a single location –the Cloud Gain visibility into web usage across devices and services HQ Branch](https://reader036.vdocuments.site/reader036/viewer/2022062921/5f031b127e708231d407901b/html5/thumbnails/12.jpg)
Unified Reporting
Unified Policy Configuration & Reporting
Unified Policies
Roaming user HQ
Cloud Web Security
Graphical User Interface
WSA
Roaming user HQ
Web Security
Reporting Application
WSA
![Page 13: Cisco Hybrid Web Security · Cisco Hybrid Web Security: Manage all policies from a single location –the Cloud Gain visibility into web usage across devices and services HQ Branch](https://reader036.vdocuments.site/reader036/viewer/2022062921/5f031b127e708231d407901b/html5/thumbnails/13.jpg)
Cisco Web Security Talos WSA
Key:
After
Outbreak
Intelligence
Reporting
Log Extraction
Management
Allow Warn Block Partial Block
HQ
Client
Authentication
Methods
www
CWS Only WSA/WSAv Only
Web
Filtering
Web
Reputation
Application
Visibility and
Control
Webpage
www.website.comAnti-
MalwareFile
Reputation
File
Sandboxing
File
Retrospection
Cognitive
Threat
Analytics
DLP
Integration
Hybrid
CWS
WSA
Roaming UserBranch Office
WCCP
ASA
Load Balancer
WSA
PBR
ISR G2 AnyConnect
AnyConnectExplicit/PAC
Explicit/PAC
Traffic
Redirection
Methods
Campus Office BYOD User
Admin
X X X X X X
ISR 4K
![Page 14: Cisco Hybrid Web Security · Cisco Hybrid Web Security: Manage all policies from a single location –the Cloud Gain visibility into web usage across devices and services HQ Branch](https://reader036.vdocuments.site/reader036/viewer/2022062921/5f031b127e708231d407901b/html5/thumbnails/14.jpg)
Cisco Hybrid Web Security:Manage all policies from a single location – the Cloud
Gain visibility into web usage across devices and services
HQ
Branch
Roaming
Laptops
Gather insight into the data and applications your company uses and the threats you face
Set and enforce consistent policies across offices and remote users
Master your environmentPowerful centralized management and reporting provides admins the
capability to orchestrate and manage policies across all devices
Control your businessManage all your devices both on and off-premises
Simplify the processManage everything through a single location Identify Analyze Control
Acceptable Use
policies
Web Filtering policies
Threat Score
acceptance levels
Access permissions
Advanced Malware
Protection
![Page 15: Cisco Hybrid Web Security · Cisco Hybrid Web Security: Manage all policies from a single location –the Cloud Gain visibility into web usage across devices and services HQ Branch](https://reader036.vdocuments.site/reader036/viewer/2022062921/5f031b127e708231d407901b/html5/thumbnails/15.jpg)
Roaming User
www
Scancenter Cisco Adv.
Reporting App
Today:Customers leverage CWS for Web Security
Policy Configuration is in Scancenter
Reporting is viewed in Cisco Adv. Reporting
App.
New Location X
WSA-
Hybrid mode
On Prem WSA
configuration
setup
Step 1:
On-Prem device must be configured locally by
an admin or technician. WSA is configured in
Hybrid Mode, network configurations to allow
pairing with Scancenter and Cisco Adv
Reporting Application as well as any other
network settings will be configured locally first.
Step 2:
Scancenter sees new on-prem WSA then is
able to configure or push current policy to
those users
Step 3:
Cisco Adv Reporting application is able to
report on both CWS and on-prem WSA
Cisco Hybrid Use Case – Phase 1Customer wants to add On-Prem WSA for
areas that do not have a local tower or political
reasons to have an on-prem device.
However, policy still controlled by cloud.
Cisco Hybrid Web Security:How Does It Work?
![Page 16: Cisco Hybrid Web Security · Cisco Hybrid Web Security: Manage all policies from a single location –the Cloud Gain visibility into web usage across devices and services HQ Branch](https://reader036.vdocuments.site/reader036/viewer/2022062921/5f031b127e708231d407901b/html5/thumbnails/16.jpg)
One comprehensive bundle
Web security bundle: HYB-WEB-SEC
• GPL offering – Brazil and Indian Datacenters for CWS not available
• Offer available for distribution sell through, not for stocking (software
bundle)
Web Security Premium
Cloud Web Security Essentials
CWS
WSA
Web usage controls
Malware scanning
Secure mobility
Web usage controls
Malware scanning
Web security reporting application (optional)
Benefits
Flexible SolutionPurchase Cisco Web security for cloud or on premises
Choice of LicenseOrder new or renewal via GPL
Custom MixShift between CWS & WSA during contract or renewal
Unified PriceGet consistent pricing for WSA or CWS seats
Features
![Page 17: Cisco Hybrid Web Security · Cisco Hybrid Web Security: Manage all policies from a single location –the Cloud Gain visibility into web usage across devices and services HQ Branch](https://reader036.vdocuments.site/reader036/viewer/2022062921/5f031b127e708231d407901b/html5/thumbnails/17.jpg)
Web Security reporting bundle• Support an initial mix of 30k WSA and 13k CWS
• Communicate changes in user mix to
Licensing Example
WSA
CWS
30k
users
Roaming
User
Remote
Sites
13k
users
HQ
CWS
WSA
Optional add-ons• Support 43k total users through the Web Security
Reporting App
• Extend CWS log extraction to 13k users (i.e. same
as those allocated to CWS)
![Page 18: Cisco Hybrid Web Security · Cisco Hybrid Web Security: Manage all policies from a single location –the Cloud Gain visibility into web usage across devices and services HQ Branch](https://reader036.vdocuments.site/reader036/viewer/2022062921/5f031b127e708231d407901b/html5/thumbnails/18.jpg)
Hybrid Web Security Roadmap
1H CY152H CY15
(June 2015)
1H CY16
(January 2016)
2HCY16
(Fall 2016)
• Log Extraction from CWS
• CWS Policy Backup and
Restore
• Unified reporting on
premise
• Unified Policy
management
• New Customer User
Interface
• Centralized Cloud
Reporting
• Extended Health
Monitoring & Device
Management
Disclaimer: Many of the products and features described herein remain in varying stages of development and will be offered on a when-and-if-available basis. This
roadmap is subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features
set forth in this document.
![Page 19: Cisco Hybrid Web Security · Cisco Hybrid Web Security: Manage all policies from a single location –the Cloud Gain visibility into web usage across devices and services HQ Branch](https://reader036.vdocuments.site/reader036/viewer/2022062921/5f031b127e708231d407901b/html5/thumbnails/19.jpg)
Cisco Web Security: The Protection You Require...Period!
AMPHybridWSA & CWS
Admin
Cisco Web Security Appliance (WSA)
Cisco Cloud Web Security (CWS)
CTA MobileNew
GUI
![Page 20: Cisco Hybrid Web Security · Cisco Hybrid Web Security: Manage all policies from a single location –the Cloud Gain visibility into web usage across devices and services HQ Branch](https://reader036.vdocuments.site/reader036/viewer/2022062921/5f031b127e708231d407901b/html5/thumbnails/20.jpg)