Advanced Web Security Deployment

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Connect 11© 2012 Cisco and/or its affiliates. All rights reserved.
Toronto, Canada
May 30, 2013
Advanced Web Security
Deployment
On-Premise, Cloud, Next Gen
Firewall?
Steve Gindi
Product Security Specialist
Cisco Systems

Agenda
• Cisco State of the Nation
Industry Trends
Gartner Overview
• Cisco Securing the Nation
Second level bullets are18 pts in size
• Cisco Deployment Options
sizing words, do not italicize
• Live Demo

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 3
Cisco State of the
Nation

Where You Visit Online…
36%search engines
22%Online video
13%
Advertisements
20%Social networks
0% 5% 10% 15% 20% 25% 30% 35% 40%
Search Engine
Online Video
Ads
Social Network
Hits to Top Web Properties

…Is Where The Threats Are
Search Engines vs. Counterfeit Software
27x more likelyto deliver malicious content
Online Advertisements vs. Pornography
Online Shopping vs. Counterfeit Software

A More Targeted Attack
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
Perscription Drugs
Luxury Watches
Credit Card
Business Reviews
Professional Network
Electronic Money Transfer
Accounting Software
Social Network
Professional Associations
Airline
Mail
Weight Loss
Government Organization
Windows Software
Cellular Company
Online Classifieds
Taxes
Prescription Drugs
Luxury Watches
Credit Card
Business Reviews
Professional Network
Electronic Money Transfer
Accounting Software
Social Network
Professional Associations
Airline
Mail
Weight Loss
Government Organization
Windows Software
Cellular Company

A More Targeted Attack
15
APRIL
January-March:
Windows Software spam, which
coincided with the release of the
Microsoft Windows 8 consumer preview
February-April:
Tax software spam during U.S. tax
season.
January-March and September-
December: Spam based on
Professional networks like LinkedIn,
correlated with desire for a change in
career during the beginning and end of
the year.

Data Loss
Business Pipeline
Social Networking
Webmail
Apps
Hotmail
Malware
Infections
Acceptable Use
Violations

Location
Device
Application
More People, Working from More Places, Using More Devices,
Accessing More Diverse Applications, and Passing Sensitive Data

Mobile Malware (mis)Information
Android Mobile Device Trending
2577%
Android Malware grows
over 2012
Mobile make up less than .5%
of total web malware
encounters
.5%

Gartner Magic Quadrant
Secure Web Gateway, 2012
The Magic Quadrant is copyrighted 2009 by Gartner, Inc. and
is reused with permission. The Magic Quadrant is a graphical
representation of a marketplace at and for a specific time
period. It depicts Gartner’s analysis of how certain vendors
measure against criteria for that marketplace, as defined by
Gartner. Gartner does not endorse any vendor product or
service depicted in the Magic Quadrant, and does not advise
technology users to select only those vendors placed in the
"Leaders” quadrant. The Magic Quadrant is intended solely
as a research tool, and is not meant to be a specific guide to
action. Gartner disclaims all warranties, express or implied,
with respect to this research, including any warranties of
merchantability or fitness for a particular purpose.
This Magic Quadrant graphic was published by Gartner, Inc.
as part of a larger research note and should be evaluated in
the context of the entire report. The Gartner report is available
upon request from Cisco.

Cisco Securing the
Nation

Web Security Portfolio
CENTRALIZED MANAGEMENT AND REPORTING
Single console for WSA or CWS solutions
ANYCONNECT SECURE MOBILITY CLIENT
Coffee Shop
Mobile UserHome Office
WEB SECURITY ESSENTIALS
Application Visibility and Control
URL Filtering, Reputation
ADVANCED WEB SECURITY
Anti-Malware Scanning
and Prevention, DLP
CloudAppliance Virtual FirewallRouter

Current Datacenters
Brazil
Canada (E), (W)
Bangalore
Chicago
Copenhagen
Dallas
Frankfurt
Hong Kong
London
Miami
New York Metro
Paris
San Jose
Singapore
Sydney
Tokyo
Zurich
In Progress Datacenters
Dubai
Mexico
South Africa

Visibility Control
0010 010 10010111001 10 100111 010 000100101 110011 01100111010000110000111000111010011101 1100001110001110 1001 1101 1110011 0110011 101000 0110 00 0111000 111010011 101 1100001 11000 111
0010 010 10010111001 10 100111 010 000100101 110011 01100111010000110000111000111010011101 1100001110001110 1001 1101 1110011 0110011 101000 0110 00 0111000 111010011 101 1100001 11000 111
Cisco SIO
1.6M
GLOBAL SENSORS
75TB
DATA RECEIVED PER DAY
150M+
DEPLOYED ENDPOINTS
35%
WORLDWIDE EMAIL TRAFFIC
13B
WEB REQUESTS
WWW
Email WebDevices
IPS EndpointsNetworks
24x7x365
OPERATIONS
40+
LANGUAGES
600+
ENGINEERS, TECHNICIANS AND RESEARCHERS
80+
PH.D.S, CCIE, CISSP, MSCE
$100M+
SPENT IN DYNAMIC RESEARCH AND DEVELOPMENT
3 to 5
MINUTE UPDATES
5,500+
IPS SIGNATURES PRODUCED
8M+
RULES PER DAY
200+
PARAMETERS TRACKED
70+
PUBLICATIONS PRODUCED
Unmatched Cloud-Based Global Threat Intelligence
Information
Actions
WWW
ESA ASA WSA
AnyConnectCWS IPS

Every Click, Every Object
Reputation and
Heuristical Analysis
Signature based
Anti-Virus
Protection Adaptive Scanning
Layer 4
Traffic Monitor
Malicious Traffic from
Infected Clients
Across All Ports &
All Protocols
Malicious Server
In-line / Real-time

• Deep application control,
e.g., IM, Facebook, WebEx
• Dynamic updates
• Site content ratings
URL Filtering
• URL database covering
over 50M sites worldwide
• Real-time dynamic
categorization for
unknown URLs
Enforce Acceptable Use Policies
• Reduce productivity loss
• Reduce risk of legal liabilities
• Control Web 2.0 traffic and web applications

WSA
ASA
On-Premise
AnyConnect Client
Redirect to
Premise or Cloud
Cloud
Mobile User

DLP Vendor Box
WSA
Hotmail
On-box Data
Security Policies
Off-box Integration
for Enterprise DLP

Centralized ReportingCentralized Management
Centralized Policy
Management
Delegated
Administration
In-Depth Threat Visibility
Extensive Forensic Capabilities
Insight
Across Threats,
Data and Applications
Control
Consistent Policy Across Offices
and for Remote Users
Visibility
Visibility Across Different Devices,
Services, and Network Layers

Coffee Shop
and Prevention, DLP

Cisco Deployment
Options

Coffee Shop
and Prevention, DLP

Cisco Web Security Essentials
WSA CWS ASA-X
URL Filtering Granular categories and dynamic classification updated by SIO
Policy Management Flexible control of use, applications, social media, etc.
AVC 1000 applications, 75,000+ microapplications
SIO Updates 75TB of threat telemetry daily
Reporting Valuable insight on-box, or via
Splunk for large implementations
Valuable insight hosted in the cloud Valuable insight on box
Web Reputation Only vendor to examine IP,
domain, URL and sender
reputations
Only vendor to examine IP, domain,
URL and sender reputations
Only vendor to examine IP, domain,
URL and sender reputations

Cisco Advanced Web Security
WSA CWS ASA-X
Web Security Essentials, plus
Real-time Malware
Scanning
Sophos & Webroot, McAfee
optional
Multiple malware engines Cisco SIO
DLP Integrates with existing DLP
vendors (RSA, Symantec, etc.)
Via content filtering rules N/A
SIEM Integration Native integration with ArcSight,
LogLogic, netForensics, RSA,
Splunk
Via WSA Connector N/A
Web Proxy Caching, logging, audio/video
throttling, AD
integration/authentication
N/A N/A
L4 Traffic Monitoring Prevents Trojans, blocks “phone
home” infections
N/A N/A

CISCO WEB SECURITY
APPLIANCE
High-performance unified
appliance
Single box design for
simplified control
Essentials license:
AVC, URL filtering,
reputation
Advanced license:
Anti-malware, DLP
Integration
Unified reporting and
management tool
Flexible Deployment Options
CISCO CLOUD WEB
SECURITY
Cloud-based unified web
security
Connector software for
HW deployments
Essentials license:
AVC, URL filtering,
reputation
Advanced license:
Anti-malware, DLP via
policies
Cloud-based reporting
and management
CISCO ASA-X AND
CWS CONNECTOR
Next-Generation firewall
Integrated web security
essentials:
AVC, URL filtering,
reputation
Advanced web security
through CWS
connector:
policies
management through CX
CISCO ISR-G2 WITH
CWS CONNECTOR
CWS connector for
branch deployments
Essentials license:
AVC, URL filtering,
reputation
Advanced license:
policies
Cloud-based reporting
and management
VIRTUAL WEB
SECURITY APPLIANCE*
Virtual WSA for simplified
multi-location deployment
Unified web security
Essentials license:
AVC, URL filtering,
reputation
Advanced license:
Anti-malware, DLP
Integration
management tool
*Coming Q4 FY13

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 27Cisco ConfidentialCisco Connect 27© 2012 Cisco and/or its affiliates. All rights reserved.
“Which Approach is right for my
business???????”

Which Deployment Method Do I Choose?
DRIVERS WSA CWS ASA-X
Location: Large, centralized HQ Many branches, remote users Smaller HQ
Security:
Real time malware protection X X SIO
Regulatory:
SIEM/DLP/SOCKS/FTP X X (w/WSA Connector)
Network:
Bandwidth Control X X
Operations:
Existing ASA/ISR X X
Cloud, Virtual Initiatives X X
Cost Considerations X
* Hybrid deployment via WSA Connector

Users
Cisco Web Security – On Premise
Users
Internet
Firewall
UCS +
• Deployment Options
• Explicit Deployments – Browser
is aware there is a proxy server
• Transparent Deployments –
Layer 3/4 redirection via WCCP
or Traffic Management Device
Same functionality as WSA
Appliance, plus
Self-Service Provisioning
Instant Provisioning
Included with Software
Bundle
Unlimited License
Mix & Match deployment
Cisco Web
Security Virtual
Appliance

Cisco Cloud Web Security
Simplified and scalable deployments
Direct to Cloud
ASAISR-G2WSA
AnyConnect
Cloud Web Security
Reuses appliances
URL Filtering
Application Visibility & Control
Multiple Malware Engines
SIEM/DLP/SOCKS/FTP
SIO Updates
Policy Management
Reporting
Multiple Connector Options
Eliminates desktop agent
Reduces vendors
Eliminates backhaul

Cisco ASA CX
• Next-Generation Protection. Proven Cisco technology.
ContextAwarePolicyEngine
PluggableContextStores
Context Aware Data Plane
Virtual Packet Rings
nScan Array
TLS & SSL
HTTP MS-
RPC
FTP Scanner
‘N’
• Context Aware
• Most comprehensive controls –
applications, users, and devices
• Most widely deployed remote access
• Essential web security
• Threat Aware
• Reputation-based protection from zero-day
threats
• Analyzes global data from multiple threat
vectors
• Reputation analysis via human and machine
intelligence
Robust stateful inspection and broadest context-aware controls

Complete Your Paper
“Session Evaluation”
Give us your feedback and you could win
1 of 2 fabulous prizes in a random draw.
Complete and return your paper
evaluation form to the room attendant
as you leave this session.
Winners will be announced today.
You must be present to win!
..visit them at BOOTH# 100

Thank you.

Advanced Web Security Deployment

More Related Content

What's hot

Viewers also liked

Similar to Advanced Web Security Deployment

More from Cisco Canada

Recently uploaded

Advanced Web Security Deployment