Advanced Web Security Deployment

1,044 views
891 views

Published on

In a confusing web world of "Like" buttons, tweets, Instagram'ing, and files being stored in clouds like Dropbox, organizations are challenged with how to protect the network, while not hindering business. To make matters worse, vendors are confusing the deployment methods by introducing On Premise Web Security Gateways, Cloud Web Security Gateways and Next Generation Firewalls.

Published in: Technology, Education
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,044
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
0
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Advanced Web Security Deployment

  1. 1. © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Connect 11© 2012 Cisco and/or its affiliates. All rights reserved.Toronto, CanadaMay 30, 2013Advanced Web SecurityDeploymentOn-Premise, Cloud, Next GenFirewall?Steve GindiProduct Security SpecialistCisco Systems
  2. 2. Agenda• Cisco State of the NationIndustry TrendsGartner Overview• Cisco Securing the NationSecond level bullets are18 pts in size• Cisco Deployment Optionssizing words, do not italicize• Live Demo
  3. 3. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 3Cisco State of theNation
  4. 4. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 4Where You Visit Online…36%search engines22%Online video13%Advertisements20%Social networks0% 5% 10% 15% 20% 25% 30% 35% 40%Search EngineOnline VideoAdsSocial NetworkHits to Top Web Properties
  5. 5. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 5…Is Where The Threats AreSearch Engines vs. Counterfeit Software27x more likelyto deliver malicious contentOnline Advertisements vs. Pornography182x more likelyto deliver malicious contentOnline Shopping vs. Counterfeit Software21x more likelyto deliver malicious content
  6. 6. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 6A More Targeted Attack0%10%20%30%40%50%60%70%80%90%Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov DecPerscription DrugsLuxury WatchesCredit CardBusiness ReviewsProfessional NetworkElectronic Money TransferAccounting SoftwareSocial NetworkProfessional AssociationsAirlineMailWeight LossGovernment OrganizationWindows SoftwareCellular CompanyOnline ClassifiedsTaxesPrescription DrugsLuxury WatchesCredit CardBusiness ReviewsProfessional NetworkElectronic Money TransferAccounting SoftwareSocial NetworkProfessional AssociationsAirlineMailWeight LossGovernment OrganizationWindows SoftwareCellular Company
  7. 7. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 7A More Targeted Attack15APRILJanuary-March:Windows Software spam, whichcoincided with the release of theMicrosoft Windows 8 consumer previewFebruary-April:Tax software spam during U.S. taxseason.January-March and September-December: Spam based onProfessional networks like LinkedIn,correlated with desire for a change incareer during the beginning and end ofthe year.
  8. 8. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 8Data LossBusiness PipelineSocial NetworkingWebmailAppsHotmailMalwareInfectionsAcceptable UseViolations
  9. 9. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 9LocationDeviceApplicationMore People, Working from More Places, Using More Devices,Accessing More Diverse Applications, and Passing Sensitive Data
  10. 10. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 10Mobile Malware (mis)InformationAndroid Mobile Device Trending2577%Android Malware growsover 2012Mobile make up less than .5%of total web malwareencounters.5%
  11. 11. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 11Gartner Magic QuadrantSecure Web Gateway, 2012The Magic Quadrant is copyrighted 2009 by Gartner, Inc. andis reused with permission. The Magic Quadrant is a graphicalrepresentation of a marketplace at and for a specific timeperiod. It depicts Gartner’s analysis of how certain vendorsmeasure against criteria for that marketplace, as defined byGartner. Gartner does not endorse any vendor product orservice depicted in the Magic Quadrant, and does not advisetechnology users to select only those vendors placed in the"Leaders” quadrant. The Magic Quadrant is intended solelyas a research tool, and is not meant to be a specific guide toaction. Gartner disclaims all warranties, express or implied,with respect to this research, including any warranties ofmerchantability or fitness for a particular purpose.This Magic Quadrant graphic was published by Gartner, Inc.as part of a larger research note and should be evaluated inthe context of the entire report. The Gartner report is availableupon request from Cisco.
  12. 12. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 12Cisco Securing theNation
  13. 13. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 13Web Security PortfolioCENTRALIZED MANAGEMENT AND REPORTINGSingle console for WSA or CWS solutionsANYCONNECT SECURE MOBILITY CLIENTCoffee ShopMobile UserHome OfficeWEB SECURITY ESSENTIALSApplication Visibility and ControlURL Filtering, ReputationADVANCED WEB SECURITYAnti-Malware Scanningand Prevention, DLPCloudAppliance Virtual FirewallRouter
  14. 14. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 14Current DatacentersBrazilCanada (E), (W)BangaloreChicagoCopenhagenDallasFrankfurtHong KongLondonMiamiNew York MetroParisSan JoseSingaporeSydneyTokyoZurichIn Progress DatacentersDubaiMexicoSouth Africa
  15. 15. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 15Visibility Control0010 010 10010111001 10 100111 010 000100101 110011 01100111010000110000111000111010011101 1100001110001110 1001 1101 1110011 0110011 101000 0110 00 0111000 111010011 101 1100001 11000 1110010 010 10010111001 10 100111 010 000100101 110011 01100111010000110000111000111010011101 1100001110001110 1001 1101 1110011 0110011 101000 0110 00 0111000 111010011 101 1100001 11000 111Cisco SIO1.6MGLOBAL SENSORS75TBDATA RECEIVED PER DAY150M+DEPLOYED ENDPOINTS35%WORLDWIDE EMAIL TRAFFIC13BWEB REQUESTSWWWEmail WebDevicesIPS EndpointsNetworks24x7x365OPERATIONS40+LANGUAGES600+ENGINEERS, TECHNICIANS AND RESEARCHERS80+PH.D.S, CCIE, CISSP, MSCE$100M+SPENT IN DYNAMIC RESEARCH AND DEVELOPMENT3 to 5MINUTE UPDATES5,500+IPS SIGNATURES PRODUCED8M+RULES PER DAY200+PARAMETERS TRACKED70+PUBLICATIONS PRODUCEDUnmatched Cloud-Based Global Threat IntelligenceInformationActionsWWWESA ASA WSAAnyConnectCWS IPS
  16. 16. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 16Every Click, Every ObjectReputation andHeuristical AnalysisSignature basedAnti-VirusProtection Adaptive ScanningLayer 4Traffic MonitorMalicious Traffic fromInfected ClientsAcross All Ports &All ProtocolsMalicious ServerIn-line / Real-time
  17. 17. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 17Application Visibility and Control• Deep application control,e.g., IM, Facebook, WebEx• Dynamic updates• Site content ratingsURL Filtering• URL database coveringover 50M sites worldwide• Real-time dynamiccategorization forunknown URLsEnforce Acceptable Use Policies• Reduce productivity loss• Reduce risk of legal liabilities• Control Web 2.0 traffic and web applications
  18. 18. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 18WSAASAOn-PremiseAnyConnect ClientRedirect toPremise or CloudCloudMobile User
  19. 19. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 19DLP Vendor BoxWSAHotmailOn-box DataSecurity PoliciesOff-box Integrationfor Enterprise DLP
  20. 20. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 20Centralized ReportingCentralized ManagementCentralized PolicyManagementDelegatedAdministrationIn-Depth Threat VisibilityExtensive Forensic CapabilitiesInsightAcross Threats,Data and ApplicationsControlConsistent Policy Across Officesand for Remote UsersVisibilityVisibility Across Different Devices,Services, and Network Layers
  21. 21. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 21Web Security PortfolioCENTRALIZED MANAGEMENT AND REPORTINGSingle console for WSA or CWS solutionsANYCONNECT SECURE MOBILITY CLIENTCoffee ShopMobile UserHome OfficeWEB SECURITY ESSENTIALSApplication Visibility and ControlURL Filtering, ReputationADVANCED WEB SECURITYAnti-Malware Scanningand Prevention, DLPCloudAppliance Virtual FirewallRouter
  22. 22. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 22Cisco DeploymentOptions
  23. 23. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 23Web Security PortfolioCENTRALIZED MANAGEMENT AND REPORTINGSingle console for WSA or CWS solutionsANYCONNECT SECURE MOBILITY CLIENTCoffee ShopMobile UserHome OfficeWEB SECURITY ESSENTIALSApplication Visibility and ControlURL Filtering, ReputationADVANCED WEB SECURITYAnti-Malware Scanningand Prevention, DLPCloudAppliance Virtual FirewallRouter
  24. 24. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 24Cisco Web Security EssentialsWSA CWS ASA-XURL Filtering Granular categories and dynamic classification updated by SIOPolicy Management Flexible control of use, applications, social media, etc.AVC 1000 applications, 75,000+ microapplicationsSIO Updates 75TB of threat telemetry dailyReporting Valuable insight on-box, or viaSplunk for large implementationsValuable insight hosted in the cloud Valuable insight on boxWeb Reputation Only vendor to examine IP,domain, URL and senderreputationsOnly vendor to examine IP, domain,URL and sender reputationsOnly vendor to examine IP, domain,URL and sender reputations
  25. 25. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 25Cisco Advanced Web SecurityWSA CWS ASA-XWeb Security Essentials, plusReal-time MalwareScanningSophos & Webroot, McAfeeoptionalMultiple malware engines Cisco SIODLP Integrates with existing DLPvendors (RSA, Symantec, etc.)Via content filtering rules N/ASIEM Integration Native integration with ArcSight,LogLogic, netForensics, RSA,SplunkVia WSA Connector N/AWeb Proxy Caching, logging, audio/videothrottling, ADintegration/authenticationN/A N/AL4 Traffic Monitoring Prevents Trojans, blocks “phonehome” infectionsN/A N/A
  26. 26. CISCO WEB SECURITYAPPLIANCEHigh-performance unifiedapplianceSingle box design forsimplified controlEssentials license:AVC, URL filtering,reputationAdvanced license:Anti-malware, DLPIntegrationUnified reporting andmanagement toolFlexible Deployment OptionsCISCO CLOUD WEBSECURITYCloud-based unified websecurityConnector software forHW deploymentsEssentials license:AVC, URL filtering,reputationAdvanced license:Anti-malware, DLP viapoliciesCloud-based reportingand managementCISCO ASA-X ANDCWS CONNECTORNext-Generation firewallIntegrated web securityessentials:AVC, URL filtering,reputationAdvanced web securitythrough CWSconnector:Anti-malware, DLP viapoliciesUnified reporting andmanagement through CXCISCO ISR-G2 WITHCWS CONNECTORCWS connector forbranch deploymentsEssentials license:AVC, URL filtering,reputationAdvanced license:Anti-malware, DLP viapoliciesCloud-based reportingand managementVIRTUAL WEBSECURITY APPLIANCE*Virtual WSA for simplifiedmulti-location deploymentUnified web securityEssentials license:AVC, URL filtering,reputationAdvanced license:Anti-malware, DLPIntegrationUnified reporting andmanagement tool*Coming Q4 FY13CloudAppliance Virtual FirewallRouter
  27. 27. © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 27Cisco ConfidentialCisco Connect 27© 2012 Cisco and/or its affiliates. All rights reserved.“Which Approach is right for mybusiness???????”
  28. 28. Which Deployment Method Do I Choose?DRIVERS WSA CWS ASA-XLocation: Large, centralized HQ Many branches, remote users Smaller HQSecurity:Real time malware protection X X SIORegulatory:SIEM/DLP/SOCKS/FTP X X (w/WSA Connector)Network:Bandwidth Control X XOperations:Existing ASA/ISR X XCloud, Virtual Initiatives X XCost Considerations X* Hybrid deployment via WSA Connector
  29. 29. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 29UsersCisco Web Security – On PremiseUsersInternetFirewallUCS +• Deployment Options• Explicit Deployments – Browseris aware there is a proxy server• Transparent Deployments –Layer 3/4 redirection via WCCPor Traffic Management DeviceSame functionality as WSAAppliance, plusSelf-Service ProvisioningInstant ProvisioningIncluded with SoftwareBundleUnlimited LicenseMix & Match deploymentCisco WebSecurity VirtualAppliance
  30. 30. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 30Cisco Cloud Web SecuritySimplified and scalable deploymentsDirect to CloudASAISR-G2WSAAnyConnectCloud Web SecurityReuses appliancesURL FilteringApplication Visibility & ControlMultiple Malware EnginesSIEM/DLP/SOCKS/FTPSIO UpdatesPolicy ManagementReportingMultiple Connector OptionsEliminates desktop agentReduces vendorsEliminates backhaul
  31. 31. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 31Cisco ASA CX• Next-Generation Protection. Proven Cisco technology.ContextAwarePolicyEnginePluggableContextStoresContext Aware Data PlaneVirtual Packet RingsnScan ArrayTLS & SSLHTTP MS-RPCFTP Scanner‘N’• Context Aware• Most comprehensive controls –applications, users, and devices• Most widely deployed remote access• Essential web security• Threat Aware• Reputation-based protection from zero-daythreats• Analyzes global data from multiple threatvectors• Reputation analysis via human and machineintelligenceRobust stateful inspection and broadest context-aware controls
  32. 32. © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 32Cisco ConfidentialCisco Connect 32© 2012 Cisco and/or its affiliates. All rights reserved.“DEMO”
  33. 33. Complete Your Paper“Session Evaluation”Give us your feedback and you could win1 of 2 fabulous prizes in a random draw.Complete and return your paperevaluation form to the room attendantas you leave this session.Winners will be announced today.You must be present to win!..visit them at BOOTH# 100
  34. 34. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 34Thank you.

×