
Presentation ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1 ·...

Date post: 06-Jun-2020
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential Presentation_ID 1
Transcript
Page 2:

Cisco IronPort Web Security Solution

Borderless Advanced Protection - Hrvoje Dogan

Page 3:

Agenda

1. About Cisco IronPort and Cisco Security

2. The Power for Advanced Protection

3. Cisco IronPort Web Security Appliances

4. Let’s Remove The Borders!

5. Don’t Believe What We Say – Try It Out!

Page 4:

Cisco’s Architecture for Borderless Network Security

[Diagram labels: 1 Borderless End Zones; 2 Borderless Internet; 3 Borderless Data Center; 4 Policy (Access Control, Acceptable Use, Malware, Data Security); Corporate Border; Corporate Office; Branch Office; Home Office; Coffee Shop; Airport; Mobile User; Customers; Partners; Attackers; Applications and Data; Software as a Service; Platform as a Service; Infrastructure as a Service; X as a Service]

Page 5:

Pillar 2: Borderless Security Array: Advanced Scanning and Enforcement Capabilities

Access Control | Acceptable Use | Data Security | Threat Protection

Integrated into the Fabric of the Network

[Diagram labels: Cisco IronPort Email Security Appliance; Cisco Adaptive Security Appliance; Cisco Integrated Services Routers; Cisco IronPort Web Security Appliance; form factors: Appliance, VM Software, Security Module, Hybrid Hosted]

Page 6:

The Power for Advanced Protection

Page 7:

A Seismic Shift

• 2000-2008: IT security products look deeper

• 2009: Cisco Security products look around, respond faster

Page 8:

Cisco Security Intelligence Operations (SIO): Overview

Most Accurate Protection Against a Broad Range of Threats

[Diagram labels: Cisco Threat Operations Center; Global Threat Telemetry; Dynamic Updates and Actionable Intelligence; Adaptive Security Appliances; Intrusion Prevention Solution; Email Security Appliances; Web Security Appliances; System Administrators]

Page 9:

Cisco SIO: Key Components

Powerful Ecosystem Enables Fast, Accurate Protection

Page 10:

Cisco SIO: Cisco SensorBase

Largest Network, Highest Data Quality, Unmatched Breadth

Page 11:

Cisco SensorBase Network: Unmatched Visibility Into Global Threats

Most Devices

• 1M security devices, 10M clients shipped per year

• Core Internet routers

• Cloud-based services

Largest Footprint

• 30% of the world’s email traffic

• 200+ parameters

• 368GB per day sensor feeds

Diverse Sources

• Eight of the top ten ISPs

• Fortune 500, Global 2000, universities, SMBs

• 152 third-party feeds

First to Combine Network and Application Layer Data

Page 12:

Cisco SensorBase Network: Unmatched Breadth

[Diagram labels: Email; Web; Firewall / IPS; Spam with Malicious Attachment; Malware Distributing Site; Directed Attack; SensorBase Network]

Page 13:

Cisco SIO: Cisco Threat Operations Center (TOC)

Advanced Research and Development, Security Modeling, Experienced Analysts

Page 14:

Cisco Threat Operations Center: Advanced Research and Development

1. Millions in R&D investment

Threat experts and statisticians

Equipment and infrastructure

Thought leadership, prevention and best practices expertise

76 patents

2. Innovative services

IPS Global Correlation

ASA Botnet Traffic Filters

Virus Outbreak Filters

Reputation Filters (IPS, email, web, etc.)

Page 15:

Cisco Threat Operations Center: Ensuring Accuracy and Responsiveness

Experienced Analysts

• 500 analysts

• European and Asian languages

• 1 Cisco Fellow

• 80+ Ph.D.s, CCIEs, CISSPs, MSCEs

Powerful Tools

• Dynamic updates

• Correlation and data mining

• Advanced rule approval, creation and publishing applications

24x7x365 Operations

• 5 threat operations center locations around the globe

• San Jose, San Bruno, Austin, North Carolina, Shanghai

Page 16:

Cisco SIO: Broadest Enforcement Capabilities

Fast Device Scanning Engines and Granular Policy

Page 17:

Advanced Protection: Putting It All Together

Cisco SIO: Cloud-based intelligence to power Cisco security services

[Diagram labels: Live Reputation Scores; Authored Rule Sets; New and Updated Signatures; Dynamic Rule Sets; Auto-Updates Every 5 minutes]

Security Filters: Industry’s most effective security features

[Diagram labels: Web Reputation Filters; Anti-Spam; Email Reputation Filters; Virus Outbreak Filters; IPS Reputation and Signature Filters; Firewall Botnet Traffic Filters]

Cisco Products and Services: High-performance, flexible enforcement points

[Diagram labels: Adaptive Security Appliances; Intrusion Prevention Solution; Email Security Appliances; Web Security Appliances; Hosted Email Services]

Page 18:

Cisco IronPort Web Security Appliances

Page 19:

The Challenge Today: Countervailing Forces

Globalization

Collaboration

Data Loss

Mobility

Enterprise SaaS

Threats

Acceptable Use

Page 20:

Increasing Enterprise Web Traffic: Ubiquitous Path In and Out of Enterprise Networks

• Growing business web usage

HTTP is the New TCP

[Diagram labels: IM, FTP, RPC, Video, SOAP]

• Growing tunneled apps usage

Page 21:

Web Business Challenges

Malware

40% Productivity Loss due to personal web use at work

Legal and Regulatory Risk of offensive content brought into the workplace

Acceptable Use Violations

Data Loss

Page 22:

• Global visibility required to preempt damage

• Insufficient protection leaves gaps in coverage

Risks Maturing Faster Than Expertise

• Threat proliferation increases workload and demands increased expertise

• Thin administrator resources increasingly stretched with budget tightening

Administrator Frustrations

Page 23:

Cisco IronPort S-Series

Cisco IronPort Secure Web Gateway: Addressing Business Challenges

Page 24:

Next-Generation Secure Web Gateway: Consolidation Drives Operational Efficiency

Before Cisco IronPort

[Diagram labels: Internet; Firewall; Web Proxy and Caching; Anti-Spyware; Anti-Virus; Anti-Phishing; URL Filtering; Policy Management; Users]

After Cisco IronPort

[Diagram labels: Internet; Firewall; Cisco IronPort WSA; Users]

Page 25:

Cisco IronPort Web Security Appliance: A Powerful, Secure Web Gateway Solution

1. Most effective defense against web-based malware

2. Visibility and control for acceptable use and data loss

3. High performance to ensure best end-user experience

4. Integrated solution offering optimum TCO

Management and Reporting

AsyncOS for Web

Acceptable Use Policy

Malware Defense

Data Security

Page 26:

Acceptable Use Enforcement: Visibility and Control for the Web and Web Applications

Management and Reporting

AsyncOS for Web

Acceptable Use Policy

Malware Defense

Data Security

1. Enterprise-class URL filtering

2. Applications and object filtering

3. Integrated identity and authentication

Page 27:

The Categorized Web

20% covered by URL lists

Customer Problem

Page 28:

The Categorized Web

20% covered by URL lists

The Dark Web: 80% of the web is uncategorized, highly dynamic or unreachable

– Dynamic content

– Password protected sites

– User generated content

– Short life sites

Page 29:

Introducing Cisco IronPort Web Usage Controls: A Spotlight for the Dark Web

1. Industry-leading URL database efficacy

• 65 categories

• Updated every 5 minutes

• Powered by Cisco SIO

2. Real-time Dynamic Content Analysis Engine accurately identifies over 90% of Dark Web content in commonly blocked categories

[Diagram labels: URL Lookup in Database (URL Database): www.sportsbook.com/ (Gambling); Uncategorized; URL Keyword Analysis: www.casinoonthe.net/ (Gambling); Uncategorized; Dynamic Content Analysis Engine: Analyze Site Content (Gambling)]

Page 30:

Dynamic Content Analysis (DCA) Engine: Identifies 90% of Objectionable Dark Web Content

Stops 50% more objectionable content*

*Source: Cisco SIO, based on data from customer production traffic

Page 31:

Cisco IronPort Web Usage Controls: Leading Efficacy, Rich Controls, Comprehensive Visibility

Page 32:

Application Visibility and Control

• Provide visibility and policy control over web traffic based on the application in use

• Block some applications based on URL category as well

“No streaming video from sports sites”

• Provide deeper visibility and control into rich apps using HTTP as transport

• Add-on to Cisco IronPort Web Usage Controls

Page 33:

AVC Supported Applications

Supported application types will include:

• HTTP Instant Messenger

AOL, Google, Yahoo, MSN, etc

Web-embedded and client tunneling via HTTP

• External Proxies

Greatly improved “Filter Avoidance” URL category

Detect tools like phpproxy, cgiproxy, etc

• Streaming Media

Windows Media, QuickTime, Flash (YouTube), etc

• Many more to come via signature updates!

Page 34:

AVC: Bandwidth Control for Streaming Media

In addition to block/allow, additional controls for streaming media include:

• Per-user limits to enforce AUP

• Aggregate limits to control congestion, ensure availability for applications

• Enforced as a throttle, not a quota

• Available bandwidth shared between streams

Page 35:

Web Application Control

1. Native control for HTTP, HTTP(s), FTP applications

2. Selective decryption of SSL traffic for security and policy

3. Policy enforcement for applications tunneled over HTTP (FTP, IM, video)

4. Application traversal using policy-based HTTP CONNECT

[Diagram labels: Software as a Service; Tunneled Applications; HTTP; Collaboration; ftp://ftp.funet.fi/pub/]

Page 36:

Integrated Identity and Authentication: User-Specific Acceptable Use and Data Security Policies

• Authentication against LDAP servers

• Transparent, single sign-on (SSO) authentication against Active Directory

• Multi-realm sequencing

• Multi-domain authentication

• Guest policies

• Re-Auth and Failed Auth policies

Define Acceptable Use and Data Security Policies using Rich Identity Constructs

[Diagram label: NTLM/Active Directory]

Page 37:

Malware Defense: Multiple layers for Malware and Spyware Protection

Management and Reporting

AsyncOS for Web

Acceptable Use Policy

Malware Defense

Data Security

1. Malware landscape

2. Multi-layered malware defense

3. Network layer phone-home prevention

4. Reputation filtering and signature scanning

Page 38:

Multi-Layered Malware Defense: Protection Against Today’s Threats

• Detects malicious botnet traffic across all ports

• Blocks 70 percent of known and unknown malware traffic at connection time

• Blocks malware based on deep content analysis

Page 39:

Detecting Existing Client Infections: Preventing “Phone-Home” Traffic

• Cisco IronPort Layer 4 Traffic Monitor

– Scans all traffic, all ports, all protocols

– Detects malware bypassing Port 80

– Prevents botnet traffic

• Powerful anti-malware data

– Automatically updated rules

– Real-time rule generation using “Dynamic Discovery”

[Diagram labels: Internet; Users; Network Layer Analysis; Cisco IronPort S-Series; Packet and Header Inspection; Layer 4 Traffic Monitor]

Page 40:

Web Reputation Filters: Predictive, Real-Time Threat Prevention

[Diagram labels: SensorBase Network, 200+ Parameters (URL Blacklists; URL Whitelists; Dynamic IP Addresses; Bot Networks; URL Behavior; Global Volume Data; Domain Registrar Information; Compromised Host List; Real-Time Cloud Analysis; Network Owners; Known Threat URLs); Security Modeling; Web Reputation Scores (WBRS), -10 to +10; Web Reputation Filters; Cisco Security Intelligence Operations]

Page 41:

Protection For a Dynamic Web 2.0 World: Visibility Beyond the Initial Threat

1. Web pages are made up of objects coming from different sources

2. Objects can be images, executables, JavaScript…

[Diagram labels: Trusted Web Site; Client PC; Web servers not affiliated with the trusted web site (e.g. ad servers)]

Web Reputation Filters scan each object, not just the initial request

• Compromised websites often grab malicious objects from external sources

• Security means looking at each object individually, not just the initial request

Page 42:

Cisco IronPort DVS Engine: Dynamic Vectoring and Streaming

1. Accelerated signature scanning

Parallel scans

Stream scanning

2. Multiple integrated verdict engines

McAfee and Webroot

3. Automated updates

4. Decrypt and scan SSL traffic

Selectively, based on category and reputation

Dynamic Vectoring and Streaming

Page 43:

Complete Data Security: Simplicity and Choice

Management and Reporting

AsyncOS for Web

Acceptable Use Policy

Malware Defense

Data Security

1. Data security imperative and reality

2. Simple on-box data security

3. Advanced off-box data security

Page 44:

Data Security: On-box Common Sense Security

1. Content metadata inspection, along with visibility and forensics

2. Allow, block, log

Based on file metadata, URL category, user and web reputation

3. Multi-protocol

HTTP(s), FTP, HTTP tunneled

[Diagram labels: Users; Allow, Block, Log; Internet; www.mypartner.com; www.malwarrior.com]

Page 45:

Common Sense Policies: Simple Approach for Avoiding Web Data Breaches

[Diagram: three scenarios]

• John Smith, Finance; FiscalPlan.xls; Webmail.com; HTTPS (Encrypted)

• John Smith, Finance; FiscalPlan.xls; Taxfirm.com; HTTPS (Encrypted)

• Jane Doe, Sales; CustomerList.doc; Personal-site.com, -9 Reputation score; FTP

Page 46:

Non-Human Initiated Data Breaches: Critical Data Security Element

Block data loss from malicious phone-home activity

Prevent data-stealing malware from entering the network

Gozi Trojan

• Installs via PDF attachment

• Encrypts itself to evade detection

• Steals data from SSL streams

Sinowal Trojan

• Over 500,000 bank accounts compromised

• Suspected ties to Russian Business Network

Trojan.PWS.ChromeInject.B

• Installs via Firefox plug-in

• Captures e-banking credentials

Page 47:

Let’s Remove The Borders

Page 48:

AnyConnect Secure Mobility: Anytime, Anywhere Secure Access

Cisco Security Enforcement Array (SEA)

• Powerful Enforcement Engines

• High Performance

• Application and Identity Aware

• Hybrid Hosted Delivery

Cisco AnyConnect 2.5

• Always-on, location-aware, extremely lightweight, invisible to user

• Supported on all major devices and OS

Policy

• Abstracted from enforcement layer

• Acceptable Use, Access Control, Data Security, Anti-Malware

Page 49:

AnyConnect Secure Mobility

1. Delivered as combined solution across Cisco Security product line

S-Series, ASA, and AnyConnect

2. Full WSA functionality available to mobile users

3. Policy controls and reporting on WSA can distinguish between local and mobile users

4. Single sign-on from AnyConnect to WSA

5. Widest variety of client platforms

Securing Web access in the Borderless Network

Page 50:

Cisco Secure Web Gateway: Industry’s Highest-Performance Integrated Solution

[Column headings: Secure, Control, Prevent]

• Multi-layered malware defense

• Web reputation filters

• Accelerated signature scanning (DVS engine)

• Prevent botnets and malware bypassing Port 80 (L4TM)

• Integrated authentication and SSO

• Enterprise-class URL filtering

• Applications and object filtering

• Web usage visibility and tracking

• On-box simple data security

• Off-box interoperability with third-party DLP

• Prevent malware-initiated data breaches (L4TM)
