ScanSafe Overview
Page 1: Scan Safe

ScanSafe Overview

Page 2: Scan Safe

ScanSafe overview

Solution highlights

Deployment options

Agenda

Page 3: Scan Safe

Customers

• Industry’s most mature platform

• 20 Billion web requests per month

• 1,000’s of customers across 80 countries

• 200 Million Blocks per Month

• Global network operations in 4 continents

• SLA backed 99.999% service uptime

#1 SaaS Web Security Solution

“The first successful in-the-cloud secure Web gateway service”

Page 4: Scan Safe

Web Security – A Big Market Where Cisco is #1

Web Security Market

• Large: Overall market $2.5B by 2013

• Broad across size, industry, geography

• Growing: Market Growth at 12.3% CAGR; But 46.5% CAGR for SaaS segment


Page 5: Scan Safe

Web Security – Market Shift to SaaS

SaaS is growing much faster than legacy software/hardware as it delivers lower TCO and effective security. Ideal for customers with distributed networks and mobile workers

Cisco ScanSafe is the dominant provider in SaaS, with 35% market share or 5x nearest competitor according to latest IDC research

Page 6: Scan Safe

Solution Overview

Page 7: Scan Safe

Positioning

Required Information:

Overview of Prospect i.e. Seats/Locations/Gateways

Customer Project or Problem

Business Drivers – Compelling Mechanism

Timescales

Budget

Why ScanSafe:

1. We do it cheaper, by saving time on cleaning infected PCs and by managing the software on a day-to-day basis

2. We are more secure, 200 million malware blocks a month – spyware/malware/viruses

3. We are a complete solution – Internal users & External users are controlled via the same service

FREE EVAL FOR 30 DAYS – NO OBLIGATION TO PURCHASE

Page 8: Scan Safe

Very significant market/vendor consolidation in past 2 years

Key Competitors:

Websense – incumbent in large % of deals. Focus on renewal unless pushed.

Increase in development in SaaS platform. Continued move to try and position as a security vendor

Blue Coat – incumbent in large % of deals. Not that security focused. Rarely lose new business deals

MessageLabs – focus on email security with web security offered for completeness. Low cost, low functionality

Zscaler – small and relatively new, v. aggressive, may be acquired. Partnership with Microsoft. Less success in larger Enterprise customers.

Competitive Outlook

Today: 1. Websense, 2. Blue Coat, 3. MessageLabs, 4. Zscaler

12 months: 1. Websense, 2. MessageLabs, 3. Blue Coat, 4. Microsoft (?)

Page 9: Scan Safe

ScanSafe Competitive Differentiation

Clear market leadership position (~34% market share)

• More customers than any other cloud Web security solution

• ScanSafe sees more real-world Web traffic than any other solution

Leading content visibility & zero-day threat protection

• Large database of Web content used to “train” security engine

• Uses combination of static & dynamic analysis

• Proven to block >25% more malware than signature solutions

Proven reliability

• Web is now business critical communication

• 100% uptime for 7 years

Superior reporting

• Complete flexibility into reporting criteria

• Allows end users to define exactly what data is important

Page 10: Scan Safe

ScanSafe overview

Solution highlights

Deployment options

Agenda

Page 11: Scan Safe

Data Flow with ScanSafe

Web requests

Allowed traffic

Filtered traffic

Page 12: Scan Safe

Scalability & Reliability

Reliability

• 15 Data Centers spanning four continents

• Top tier certification

• Thousands of devices deployed

• 100% availability, automated monitoring, full redundancy

San Francisco

Dallas Miami

New York

Chicago

London (2)

Paris

Copenhagen

Frankfurt Tokyo

Hong Kong

Sydney (2)

Singapore

Additional Data Centers planned

Scalability

• Billions of Web requests/day

• Highly Parallel processing

• Multi-tenant architecture: average <50 ms latency

• 10Gb connectivity

• Redundant network providers

Page 13: Scan Safe

Zero-day Protection with Outbreak Intelligence

Page 14: Scan Safe

[Chart: percentage of malware blocks (0% to 100%) over time, 01-Jan-09 to 17-Dec-09]

Outbreak Intelligence - The Results

Zeus Botnet / Luckysploit

Multiple injection attacks

Gumblar

Page 15: Scan Safe

• Multiple rules and schedules for User/Group granularity

• Bi-directional content based policy enforcement

• Dynamic content classification

• Control over HTTP & HTTPS communications

ScanCenter - Management

Page 16: Scan Safe

Over 24,000 report combinations covering more than 80 attributes in 11 reporting categories

Cumulative, trending and search driven forensic reports, comprehensive drill down analysis

Based on data warehouse infrastructure for performance

Scheduled reports can be sent securely to defined users

Granular reporting enables actionable remedies to issues and unrivalled visibility into resource usage

Web Intelligence Reporting

Page 17: Scan Safe

ScanSafe overview

Solution highlights

Deployment options

Agenda

Deployment options

Page 18: Scan Safe

ScanSafe Deployment Options

Page 19: Scan Safe

• No User Granularity Required

• User / Group Granularity Required

• Connector-less Solutions

• Roaming & Remote Users

Agenda

Page 20: Scan Safe

ScanSafe Deployment Options

No User Granularity Required

Page 21: Scan Safe

Firewall directs port 80 traffic to web security service via Transparent Proxy / Port Forward (no browser changes required)

Available with certain perimeter devices that have the ability to forward traffic based on port or protocol (BlueCoat, ISA, CheckPoint, Watchguard, SonicWall, Netgate etc…)

Provides Site/External IP granularity

NOTE: Many Cisco devices are not capable of port forwarding

Port Forward

ScanSafe Websecurity Service

Port Forwarding / Transparent Proxy

Page 22: Scan Safe

Proxy Settings are pushed to browsers via Active Directory GPO

Browsers connect through Firewall on port 8080 to Web Security Service

Firewall blocks all other GET requests

Provides Site/External IP granularity

ScanSafe Websecurity Service

DC

Browser Redirection via GPO / PAC file

Page 23: Scan Safe

1. Through GPO, Desktop Users are configured to reference a PAC file with each browser session

2. A global PAC file can point to different ScanSafe towers depending on internal IP

3. Web requests are sent directly to the ScanSafe towers

PAC File Deployment
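
A sketch of the global PAC file described in the steps above, added here as an illustration and not taken from the deck or from ScanSafe. The tower hostnames, site subnets and internal DNS suffix are placeholders; port 8080 is the proxy port the slides name.

```javascript
// Added example PAC file. Tower hostnames, subnets and the internal suffix
// are placeholders, not real ScanSafe values.
var TOWERS = [
  // [site subnet, mask, primary tower, secondary tower]
  ["10.10.0.0", "255.255.0.0", "tower-eu.example.invalid:8080", "tower-us.example.invalid:8080"],
  ["10.20.0.0", "255.255.0.0", "tower-us.example.invalid:8080", "tower-eu.example.invalid:8080"]
];
var DEFAULT_CHAIN = "PROXY tower-eu.example.invalid:8080; PROXY tower-us.example.invalid:8080";
var INTERNAL_SUFFIX = ".corp.example.invalid"; // assumed internal DNS zone

// Convert dotted IPv4 to an unsigned 32-bit integer, or null if malformed.
function ipToInt(ip) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

function inSubnet(ip, net, mask) {
  var a = ipToInt(ip), b = ipToInt(net), k = ipToInt(mask);
  if (a === null || b === null || k === null) return false;
  return ((a & k) >>> 0) === ((b & k) >>> 0);
}

// Pure decision function so the logic can be tested outside a browser.
function pickProxy(clientIp, host) {
  host = host.toLowerCase();
  // Plain hostnames and the internal zone stay on the corporate network.
  if (host.indexOf(".") === -1 || host.slice(-INTERNAL_SUFFIX.length) === INTERNAL_SUFFIX) {
    return "DIRECT";
  }
  for (var i = 0; i < TOWERS.length; i++) {
    if (inSubnet(clientIp, TOWERS[i][0], TOWERS[i][1])) {
      // No trailing DIRECT: if both towers are unreachable the request
      // fails instead of bypassing filtering.
      return "PROXY " + TOWERS[i][2] + "; PROXY " + TOWERS[i][3];
    }
  }
  return DEFAULT_CHAIN; // unknown or unparsable client address
}

// Entry point the browser calls; myIpAddress() is supplied by the PAC runtime.
function FindProxyForURL(url, host) {
  return pickProxy(myIpAddress(), host);
}
```

On multi-homed clients `myIpAddress()` can return an address from the wrong interface, which is why unmatched addresses fall through to a default tower chain and never to `DIRECT`.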

Page 24: Scan Safe

Deployment - AD Group Policy

Can be targeted to the AD site, domain or individual OUs.

Supports various OS platforms: Windows 2000, Windows 2k3 Server, Windows XP, Windows Vista, Windows 7

Page 25: Scan Safe

ScanSafe Deployment Options

User / Group Granularity Required

Page 26: Scan Safe

Proxy Settings are pushed to browsers via AD, GPO or PAC file

Forwards web traffic to ScanSafe on port 8080/443 to the Cloud based Tower

Connector receives Client info and queries Active Directory Server for Group Information, then proxies to ScanSafe upstream

Set Firewall to block all other GET requests

Provides IP/End User/Group granularity

ScanSafe Websecurity Service

DC Connector

Standalone Connector

Page 27: Scan Safe

Web Security Service is configured as upstream proxy on currently installed proxy device

Current proxy device communicates with Connector ICAP (on box) to provide IP/User/Group information (5,500 Users max recommended)

Browser traffic is directed to existing Proxy via GPO or PAC files

Set firewall to block all other GET requests

Provides IP/End User/Group granularity

ScanSafe Websecurity Service

DC

ISA Server

Enterprise Connector - Inline ISA

Page 28: Scan Safe

Web Security Service is configured as upstream proxy on currently installed proxy device

Current proxy device communicates with Connector via ICAP to provide IP/User/Group information

Requires no further Client configuration

Set firewall to block all other GET requests

Provides IP/End User/Group granularity

ScanSafe Websecurity Service

DC

3rd Party Proxy

Connector

Enterprise Connector - ICAP

Page 29: Scan Safe

ScanSafe Deployment Options

Connector-less Solutions

Page 30: Scan Safe

Provides AD user and group granularity.

BCAAA must be installed and configured within the Active Directory environment.

To also send internal IP address to the ScanSafe Scanning towers, Blue Coat must be configured to include x-forwarded-for headers.

BC can run in transparent or explicit proxy mode

Set firewall to block all other GET requests

Provides End User/Group (possible IP granularity)

ScanSafe Websecurity Service

BlueCoat Proxy

BCAAA

AD Server

BlueCoat Integration - Connector-less

Page 31: Scan Safe

Proxy Settings are pushed to browsers via Active Directory GPO or PAC file OR PIM can be run in transparent mode with ISA / Bluecoat

Login Script (or GPO etc) runs the PIM.EXE with required switches

Requires no client installation

Firewall blocks all other GET requests

Provides End User/Group granularity

ScanSafe Websecurity Service

DC

PIM.EXE Runs at Login

PIM - Passive Identity Management

Page 32: Scan Safe

Many customers do not want to deploy proxy servers yet still want granular policy control. This can be because of the sheer number of sites they have to manage or for other technical reasons

Deploying a small number of proxy servers to which many different locations tunnel negates many of the advantages of modern MPLS networks and increases latency and bandwidth costs

Why PIM?

Page 33: Scan Safe

PIM adds -XS headers to the browser’s user agent string

Included in this string is a unique hash that identifies the user in our Scanning tower

This detail is encrypted

Upon logon, PIM sends an out-of-band request to the scanning tower and uploads the group information for that user

These groups are automatically created in ScanCenter

Following registration, each time a request to the Web is made, only the hash is sent to us along with the request, and we can identify the user and apply the correct policy according to the relevant group(s)

How Does PIM Work?

Page 34: Scan Safe

PIM Data Flow

The Internet

Cisco/ScanSafe Data Centre(s)

Client running PIM (IE/FireFox)

Corporate Firewall

Internet request (Browsing)

Directory Sync request (Registration)

Page 35: Scan Safe

ScanSafe Deployment Options

Roaming / Remote Users

Page 36: Scan Safe

Installs a Network Driver which binds to all connections (LAN, Wireless, 3G)

Automatic Peering identifies the nearest ScanSafe Datacenter and whether a connection is possible.

AD information can be remembered from when the user was last on the corporate network using the Gpresult API (group policy)

3rd Party Firewall

Websecurity Service

Hotspot 3rd Party Proxy

Anywhere+

Roaming Users (Anywhere+)

Page 37: Scan Safe

How Does it Work?

Authenticates and directs your external client Web traffic to our scanning infrastructure

Numerous datacenters are located all over the world ensuring that users are never too far from our in-the-cloud scanning services

SSL encryption of all Web traffic sent improves security over public networks

Page 38: Scan Safe

Feature

Known Environment (Remote)

Anywhere+ (True Roaming)

Access ScanSafe services from outside of corporate LAN

Suitable for home workers

Works with a VPN

Works through another proxy

Transparent to end user

Works at a network which requires payment (e.g. Hotspot)

Encrypts all web traffic to prevent eavesdropping

Tamper resistant

Location Aware (reduces latency)

Anywhere+ True Roaming Support

Page 39: Scan Safe