ScanSafe 2012

Oct 19, 2014

GTRI ScanSafe Slide Deck
Transcript
Page 1: ScanSafe 2012

© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential C97-567546-00

Cisco Content Security

Page 2: ScanSafe 2012

Web Security Product Overviews

Page 3: ScanSafe 2012

“Security is THE top issue for Cisco and many of the CIOs in the industry. We are now putting the power of the entire company behind it. This opens a big opportunity for Cisco and an opportunity for us to help our customers and we will fund it that way.”

Source: Jan/Feb Birthday Chats, http://wwwin.cisco.com/chambers/past_events.shtml#pastTabs=1

Page 4: ScanSafe 2012

The Numbers Don’t Lie…

Gartner estimates 17% growth in the secure web market to around $1B in total revenue for 2011.

· BlueCoat -> 9% decline in product revenue for FY2012; the CEO’s stretch goal is to not have another decline in web security revenue this year
· Websense -> 2% decline in bookings in North America 1H 2011; the CEO’s stated goal is to have double digit bookings growth in FY11 (hint: the stock tanked 10% after he re-affirmed that statement)

So how do you explain our two main competitors’ negative growth in such an attractive market? Cisco’s Web Security (WSA and ScanSafe) business grew 40% (again) this year to over $140M in FY11.

Page 5: ScanSafe 2012

What a Difference a Year Makes…

2010 2011

Page 6: ScanSafe 2012

Web: Enabling the Borderless Experience

Diagram labels: Branch Office, Applications and Data, Corporate Office, Attackers, Coffee Shop, Customers, Airport, Mobile User, Partners, Home Office, World Wide Web

HTTP Is the New TCP

Page 7: ScanSafe 2012

Web Business Challenges

Acceptable Use Violations

Rising Malware Threats

Data Loss

Policy

Lack of Control over SaaS

Page 8: ScanSafe 2012

Mobility: Multi-Dimensional Challenge

Location

Device

Application

More People, Working from More Places, Using More Devices, Accessing More Diverse Applications and Passing Sensitive Data

Page 9: ScanSafe 2012

Acceptable Use Controls for Web 2.0

Cisco IronPort Web Usage Controls

Enforce Acceptable Use Policies
· Reduce productivity loss
· Reduce risk of legal liabilities
· Control Web 2.0 traffic and web applications
· Control bandwidth intensive streaming media traffic

Application Visibility and Control
· Deep application control, e.g., IM, Facebook, WebEx
· Bandwidth control for streaming media
· Site content ratings

URL Filtering
· URL database covering over 50M sites worldwide
· Real-time on-box dynamic categorization for unknown URLs
· Auto update every five minutes

Page 10: ScanSafe 2012

Cisco Web Security Portfolio: Enabling a Business Class Web

Form Factor Choice: Premise, Cloud

Cisco IronPort S-Series: High-performance, integrated Web security appliance
· Automatic updates
· Centralized management & reporting

ScanSafe: Proven multi-tenant cloud Web security platform
· Global data center footprint
· 100% uptime track record

Hybrid Web Security (Future)

· Protect from Malware
· Enforce Acceptable Use
· Enable Visibility & Control
· Prevent Data Loss

Page 11: ScanSafe 2012

Positioning Guide for WSA and ScanSafe

WSA

Malware Protection (zero-day + signature scanning)

URL Filtering with Dynamic Categorization

Centralized Policy Management & Reporting

AnyConnect Secure Mobility

One or two egress points

Anti-cloud

Application Visibility & Control

Local caching and logging (integration with SIEM)

Integration with Enterprise DLP (Symantec Vontu, RSA Tablus)

Large number of egress points (branch locations going direct to internet)

General desire to move to the cloud / use other cloud services

Large mobile population – AnyConnect integration

Large ISR G2 deployment or refresh – ISR G2 integration

Reporting

Page 12: ScanSafe 2012

Advanced Heuristics Enable Secure X

· Global Email Traffic: 30%
· New URLs Tracked per Day: 7B
· Data Processed per Day: 500 GB
· Parameters Tracked: 200
· Email Rules per Day: 1M

Page 13: ScanSafe 2012

Cisco IronPort Web Security Appliance: Industry Leading Secure Web Gateway

Control

Security

Acceptable Use Controls

Malware Protection

Data Security

SaaS Access Controls

Centralized Management and Reporting

Internet

Page 14: ScanSafe 2012

Global Datacenter Footprint

Page 15: ScanSafe 2012

ScanSafe Product Overview

Page 16: ScanSafe 2012

Why SaaS?

SaaS offers lower TCO & improved security

Page 17: ScanSafe 2012

Market Leadership

Customers

Awards

Partners

Case Study - General Electric

Vertical: Manufacturing

12th in Fortune Global 500

270K users worldwide

Challenges
· Hugely decentralized, non-standard network
· 64 Internet gateways
· 47 geographic regions
· 300+ incumbent proxy servers

Requirements
· Flexible deployment options
· Integration into global SSO
· Protection for more than 100K mobile users

Page 18: ScanSafe 2012

What a Difference a Year Makes…

2010 2011

Page 19: ScanSafe 2012

Solution Overview

Page 20: ScanSafe 2012

Global Datacenter Footprint

Page 21: ScanSafe 2012

Content Control – Web 2.0

Web 2.0 blurs boundary between good and bad

Multiple Web sources on a single page

Social Networking

User generated content

URL filtering no longer effective

Either “over block” or “under block”

Especially for “short lived” websites such as proxy avoidance and illegal activities

Requires dynamic classification, search engine analysis & content control

However, true Web security requires real-time content analysis

Page 22: ScanSafe 2012

Zero-hour Protection - Outbreak Intelligence

Page 23: ScanSafe 2012

Advanced Heuristics Enable Secure X

· Global Email Traffic: 30%
· New URLs Tracked per Day: 7B
· Data Processed per Day: 500 GB
· Parameters Tracked: 200
· Email Rules per Day: 1M

Page 24: ScanSafe 2012

Outbreak Intelligence - The Results

Chart: Percentage of malware blocks, with callouts for Zeus Botnet / Luckysploit, Multiple injection attacks, and Gumblar

Page 25: ScanSafe 2012

Roaming Web Security

Integrated with AnyConnect 3.0

Authenticates and directs your external client Web traffic to scanning infrastructure.

Numerous datacenters are located all over the world ensuring that your employees are never too far from our in-the-cloud scanning services.

SSL-encryption of all Web traffic flowing to datacenters improves security over public networks.

Page 26: ScanSafe 2012

ScanSafe Deployment Methods

AnyConnect VPN

ISR G2

PIM – Passive Identity Management

Connector

Proxy Chain

Page 27: ScanSafe 2012

ScanSafe Secure Mobility

Diagram labels: AnyConnect Web Security, ScanSafe, Internet Traffic, VPN – Internal Traffic (optional)

Page 28: ScanSafe 2012

ISR Web Security with Cisco ScanSafe

Secure Local Internet Access

Diagram labels: Internal Traffic, Cisco IOS Firewall, Cisco IOS IPS, POS, Local LAN, Guest Users, Wired Security Zone, Wireless Security Zone, Head Office, Internet

Page 29: ScanSafe 2012

PIM - Passive Identity Management

Diagram labels: Firewall, Client (three shown), Active Directory Server, ScanSafe, LoginScript (Set encrypted header)

Encrypted Header (user granularity): xss--3-Plel6UC8EGJdNQiG-Mfq..

Benefits
· Provides Active Directory user granularity and group policy enforcement
· Provides redundancy/fail over architecture via PAC
· No Connector software required
· Supports Dynamic IP registration via DDNS
· Proven at-scale in the enterprise

Functionality
· Deployed via log-in script
· Browser connects directly to datacenters
· No data is sent in the clear
· User granularity information contained in the HTTP/HTTPS header

Page 30: ScanSafe 2012

Connector Deployment

Connector

Processing, Policy, Intelligence

Scanning Towers

Active Directory: Flexible management & redundancy through GPO, PAC

Thin Agent, Any Windows Server, Tags Web Requests

Small Driver, Wi-Fi Protection, Roaming Workers

Page 31: ScanSafe 2012

Proxy Chain Deployment - BlueCoat

How it works

1. Client request is directed to Local Proxy
2. Authentication continues to be managed on Blue Coat via BCAAA and AD integration
3. External non-cached content requests are sent to ScanSafe tower via x-forwarded-for headers from Blue Coats
4. Content is served back via Local Proxy

Benefits

1. No user data is sent in the clear
2. Provides user granularity and group policy enforcement
3. Outbreak Intelligence and 2nd Commercial A/V Engine added
4. Provides redundancy/fail over architecture via PAC and proven at-scale in the enterprise
5. Reports delivered in seconds and over 80 attributes stored for every Web request

Assumption

1. BCAAA to be installed and configured within the Active Directory environment.

Diagram labels (steps 1 to 4 marked on the diagram): ScanSafe Tower, Internet, DMZ, BlueCoat, BCAAA, AD

Page 32: ScanSafe 2012

Case Study - General Electric

Challenges

· Hugely decentralized, non-standard network
· 64 Internet gateways
· 47 geographic regions
· 300+ incumbent proxy servers

Requirements

· Flexible deployment options
· Integration into global SSO
· Protection for more than 100K mobile users

Vertical: Manufacturing

12th in Fortune Global 500

270K users worldwide

Page 33: ScanSafe 2012

Page 34: ScanSafe 2012

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Cisco IronPort Email Security

Page 35: ScanSafe 2012

Cisco Positioned in the Leaders Quadrant of Gartner, Inc.'s Secure Email Gateways Magic Quadrant

Magic Quadrant for Secure Email Gateways August 10, 2011. Peter Firstbrook, Eric Ouellet.

This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Cisco.

The Magic Quadrant is copyrighted 2011 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Page 36: ScanSafe 2012

Multi-layered Inbound Protection

Diagram labels: AsyncOS™ MTA Platform, Encryption, Remediation, DLP, Content Filter, Inbound, Outbound, Reputation Filtering, Virus Outbreak Filters, Anti-Spam, Anti-Virus

Page 37: ScanSafe 2012

Cisco IronPort SenderBase: Breadth and Quality of Data Makes the Difference

SenderBase

· Global Volume Data: Over 100,000 organizations, email traffic, web traffic
· Message Composition Data: Message size, attachment volume, attachment types, URLs, host names
· Spam Traps: SpamCop, ISPs, customer contributions
· IP Blacklists & Whitelists: SpamCop, SpamHaus (SBL), NJABL, Bonded Sender
· Compromised Host Lists: SORBS, OPM, DSBL
· Web Site Composition Data: Downloaded files, linking URLs, threat heuristics
· Other Data: Fortune 1000, length of sending history, location, where the domain is hosted, how long has it been registered, how long has the site been up
· Complaint Reports: Spam, phishing, virus reports
· Domain Blacklist & Safelists: Spamvertized URLs, phishing URLs, spyware sites

Page 38: ScanSafe 2012

Advanced Heuristics Enable Secure X

· Global Email Traffic: 30%
· New URLs Tracked per Day: 7B
· Data Processed per Day: 500 GB
· Parameters Tracked: 200
· Email Rules per Day: 1M

Page 39: ScanSafe 2012

Anti-Spam Architecture: Defense In-depth

Multi-layer Spam Defense

SenderBase Reputation Filtering

Cisco IronPort Anti-Spam

Block 90% of Spam

>99% Catch Rate

< 1 in 1 mil False Positives

Who? How?

What? Where?

Score

Page 40: ScanSafe 2012

Anti-Spam Architecture: Defense In-depth

Multi-layer Virus Defense

Anti-Virus

Cisco IronPort Anti-Virus

Virus Outbreak Filters

Size 50 to 55KB

“Price” in the filename

Size 50 to 55KB

zip (exe)

5015

Page 41: ScanSafe 2012

Outbreak Filters: Dynamic Quarantine

Are the message attributes associated with an emerging botnet?

Has the target website changed since the email was received?

Can we detect more messages like this one?

Internet Inbox

Targeted Attack Filter

Email Security

Dynamic Quarantine

Cisco Security Intelligence Operations

Rule Sets

Page 42: ScanSafe 2012

User Experience: Protection Beyond the Click

Link is clicked

Block malware payload via HTTP

Website is clean

Page 43: ScanSafe 2012

Multi-layered Outbound Protection

Reputation Filtering

Anti-Spam Anti-Virus

Inbound

Outbound

Virus Outbreak Filters

Content Filter

AsyncOS™ MTA Platform

Encryption Remediation DLP

Page 44: ScanSafe 2012

Data Loss Prevention: Variety of Policies

Page 45: ScanSafe 2012

We need to fax the following prescription information for Roger McMillan

FEXOFENANDINE (ALLEGRA) 180 MG TABLET

Dosage: Take 1 tablet by mouth daily

Prescribed by Dr. Joseph A. Kennedy, MD on 7/22/10

Please delivery to pharmacy stat.

==============================================

SSN: 331075839

Name: Roger McMillan

Medical Record: 06135443

Primary Care Provider: Blue Cross Blue Shield CA

Clinic: Stanford Hospital

Address: 177 Bovet Road, San Mateo, CA 94402

Data Loss Prevention: Full Contextual Analysis

Matches are found in close proximity

Accurate

Comprehensive

Integrated

[email protected]

Prescription for J Smith

Rule is matched multiple times to increase score

Proper name detection

Unique rule matches are met

SSN Numbers

Page 46: ScanSafe 2012

Identity-Based Secure Messaging: Integrated into the Network

Secure Forwarding

Confidential Email

Guaranteed Recall

Read Receipts

Page 47: ScanSafe 2012

Email Recipient: Quick & Easy Access to Content

Secure Messaging: Easy for Receiver

1. Encrypted Message Arrives
2. One Click Extracts Message
3. Message is Available
4. Recipient can Reply with an Encrypted Message

Page 48: ScanSafe 2012

Encryption Visibility and Control

Guaranteed Recall

Guaranteed Read Receipt

Guaranteed Expiration

Page 49: ScanSafe 2012

Leadership with Choice

· On-Premises: Award-Winning Technology
· Cloud: Dedicated SaaS Instances
· Hybrid: Best of Both Worlds
· Managed: Fully Managed on Premises

Backed by Service Level Agreements

Page 50: ScanSafe 2012

Thank you.