GTRI ScanSafe Slide Deck

  • Hi and thanks for taking the time to meet with me today. Over the next 60 minutes or so we’re going to go through some of the key things to consider when looking for a Software-as-a-Service or SaaS Web Security solution. Software as a Service offers many advantages over the traditional approach to web security, which involves installing software or appliances on-premise in order to analyze web traffic for inappropriate content and malicious threats. Our reliance on the Web has increased as businesses use the Internet to enable more and more processes – anything from selling through an online store to managing business partner relationships to customer intimacy using Web 2.0 technologies such as Facebook or other web-based communities. As the amount of time we spend online and the amount of traffic that we send and receive increase, so do the demands on the systems that are put in place to manage that communication channel. On-premise systems start to expand – needing more hardware – in every location – and the management and maintenance…as well as the cost start to spiral out of control. This is where moving to a SaaS solution starts to have immediate benefits in terms of cost saving. Reduce or eliminate the hardware requirements – drastically reducing cost of acquisition, drastically reducing the cost of maintenance and management, as well as space, power and time. Many customers find that they can reduce their costs by around 40% by moving from a traditional on-premise security product to a SaaS based solution.
  • When we look at what this borderless experience really is, it is the World Wide Web. The Web is becoming an indispensable resource for most organizations these days and many organizations rely on the Web for business, research and information. With so much web traffic dominating the enterprise network edge these days, HTTP has become the new TCP.
  • With the increasing use of the Web, there are significant challenges that businesses need to deal with. Of these, risks from malware infections and acceptable use violations are of top concern. Data loss risks over the Web either by compromised machines or human error are quickly becoming an area of concern for many businesses. Finally, a big barrier to adoption of software-as-a-service is the lack of control on employee access to applications and data in the cloud.
  • The challenge of applying security in a borderless network experience has become very multi-dimensional - across devices, applications, and locations. There are more devices accessing applications and data from multiple locations over the internet. While the challenges are the same at the core – Access Control, Acceptable Use Enforcement, Threat Protection and Data Security, the problem has become multi-dimensional in this new environment.
  • Dynamic updates form the third pillar of Cisco SIO. Cisco SIO tracks more than 40,000 vulnerabilities and collects and correlates traffic data – about 500 GB is processed daily – from nearly every publicly routable IP address on the Internet. Every day, more than 3,300 IPS signatures are produced and over 8 million rules are pushed out by Cisco SIO.
  • The Cisco IronPort Web Security Appliance is a secure web gateway designed to allow businesses to gain control and provide security for their web traffic at the network level. We will explore in the next few slides how the WSA squarely addresses all the challenges discussed earlier.
  • When Cisco rolls out a new data center it’s like a force of nature – we always build our data centers out to scale to 100s of thousands of users. Cisco only uses top tier data center facilities with the highest levels of certification such as SAS 70 Type II. These data centers always have the highest level of redundancy including power and cooling as well as network connectivity. Utilizing only the best facilities, combined with our bullet-proof cloud architecture, is the reason that we have had 100% uptime for the past 8 years. Of course, we’re also continually investing in additional capacity at our existing data centers so our customers always get the highest level of performance.
  • Before we get into the ScanSafe solution, let’s look at why businesses have been increasingly eager to migrate to a SaaS service – their drivers and the benefits that they have seen post-migration. Let’s start with looking at how people do business: there has been an increasing reliance on the Internet for communication and for actually doing business. Looking at how business partners connect to exchange data, where communities of end users are meeting, everything is moving to the Web, and as a result, people are spending more and more time online. This has a knock-on effect – in order to manage and secure that increased Web usage, companies using traditional on-premise solutions need to spend more money – to buy more servers, and also to manage larger databases so that the Web usage logs can be stored and used productively. This increase in expenditure is necessarily matched by an increase in budget and so issues can arise. Next look at how businesses are structured. More and more, businesses are de-centralized, with multiple egress points out to the Internet. This therefore means more egress points to secure, meaning that they either have to deploy even more hardware, or manage VPN backhaul to a central point. Either way, this significantly adds to the complexity and time needed to manage the solution. Let’s also look at security concerns – there is more malware than ever, and this malware is getting more complex, a trend that looks like it’s going to continue for the foreseeable future, and on-premise systems simply don’t have the technology capable of detecting and blocking this new breed of malware.
    And finally, remote and roaming workers; remember that a security solution is only as secure as the weakest link, and with on-premise solutions this link is always the mobile users that operate outside of the control and security policy defined for the in-office workers. These 4 fundamental shifts in Web usage, and the evolution of the Internet, have made the move to SaaS more appealing to a lot of businesses, large and small, across the globe. A SaaS solution can address all of these: control cost while Internet usage increases; control cost while securing numerous sites on a global scale; protect against the most dynamic, dangerous zero-day threats; ensure consistent security policy across an entire organization – including mobile and roaming workers. So let’s take a look at the fundamental keys to choosing a SaaS security vendor, and how ScanSafe fits the bill.
  • So looking at the ScanSafe solution from a high level, you can see the key elements, many of which we’ve discussed in some detail already in this presentation. For integration and user granularity: integrated management and reporting that covers all aspects of the solution; consistent policy and security for all users, regardless of location – this includes BlackBerry mobile devices; numerous ways to integrate with existing network infrastructure and authentication services. For filtering policy: bi-directional content based policy enforcement; dynamic content classification; control over HTTP & HTTPS communications. For security: accurate zero-day threat protection, based on the world’s largest Web usage dataset – billions of Web requests a day; all security extended to remote and roaming users as well as on-premise users. And so overall, ScanSafe offers consistent, enforceable, high-performance Web security and policy, regardless of where or how users access the Internet.
  • Before we move on to consider security expertise, let’s take a moment to look at filtering and control. URL filtering, using a database of categorized domains, used to be the best way to control the entry of unwanted and inappropriate content to a network – enforcing Acceptable Usage Policy in order to limit legal liability, increase user productivity and control bandwidth usage. However, the rapid rise in Web 2.0 websites – including social networking and personalized information portals such as iGoogle – has blurred the lines between websites that contain good content and those that contain bad, as both can be present on a single Web page. And to compound the problem, much of the content is user generated (not controlled by a web master), and information on these Web pages is actually sourced from multiple external locations. Given this huge increase in complexity, a simple list of domains can never actually be effective; it will either over block or under block. Businesses have the choice of blocking domains completely – and therefore also blocking any appropriate or useful content – or allowing access to the sites, and therefore having to live with the inappropriate content that might be present. This monolithic “On/Off” switch just doesn’t work anymore. Then also consider web sites that never make it into a URL database, those sites that exist for short periods of time and therefore never get categorized – this approach fails outright to protect users against inappropriate or illegal content that exists on sites such as those. In this Web 2.0 world, the only way to protect against bad content coming from good sites is to analyze Web content rather than just the URL it comes from, and also be able to ensure that Web sites that are not present in a URL database can be categorized, in real-time, to make sure that unwanted content from those sites is not permitted on the network.
    That’s where ScanSafe content control and the Dynamic Classification Engine come into play to do just that. Another thing to consider is pre-emptive employee education about how to safely use the Internet. Using SearchAhead, which is integrated into the ScanSafe solution, businesses can dynamically categorize every link that is delivered by a search engine, to inform end users if the content of that link is approved or prohibited. This helps prevent any issues BEFORE they arise. This level of dynamic control ensures that ScanSafe customers can use Web 2.0 websites, and do so securely. This is used as a base upon which Web security services are built to help prevent Web threats as well as unwanted Web content.
  • So I’ve described how Outbreak Intelligence works – here we can see details of the results that Outbreak Intelligence has had in 2009. The blue slide in this chart is the percentage of blocks that are zero-day blocks made by Outbreak Intelligence, or, to put it another way, the threats that would have evaded traditional list based security systems. You can see that on some days, directly linked to the release of a new zero-day threat, the number of blocks made by Outbreak Intelligence is well over 80% - in 2008 we had numerous days when it was over 90% of all blocks. This is the real benefit – effective protection from zero-day threats. At ScanSafe we can prove to our prospects that our solution works, and works better than the competition. 27% of all malware blocks in 2009 were as a result of Outbreak Intelligence – zero-day threats that evaded signature based security solutions.
  • Latency sensitive applications (such as video) also operate sub-optimally when additional latency (such as that from backhaul) is introduced. By enabling branch offices to securely connect directly to the Internet, these applications can be utilized fully while not compromising on security or control – this has been the traditional barrier to enabling direct access, and these concerns can now be fully addressed. And finally, looking at extending the investment made in Cisco equipment – adding to the already lengthy list of security features enabled in the ISR G2, ScanSafe adds anti-malware and web content control. Because it is delivered as a cloud service, policy and security are enforced in the cloud, not within the device, enhancing security without degrading the performance of the platform as a whole.
  • There was a lot of complexity in the customer requirements, and ScanSafe was able to fit the bill.
  • We’ve relied on categorizations to give granularity over certain web sites (third-party FB games as games, things like that). Ultimately, they are like applications now. There are so many things people want control over that it can’t be done by a traditional categorization engine. We have to create signatures based on things inside URLs. This is not just something for ScanSafe; this is a Cisco-wide product. Code has come out of the firewall team, is in use by the Web Security Appliance, and is backed up by the SecApps team; these are reusable across all of the different platforms. We’ll be able to create a whole new set of filters around these applications; existing filters with categories and mime types are extended to support these. The actual GUI is driven by the signature; as we download new signatures, this GUI changes. It is designed in a specific way that delivers 3 types of groupings: Social Networking, type of action, and then the actual social networking web site itself. For Facebook, block all photo uploads. Block / allow access. And we list all supported apps. You can decide to click All and have it inherited, or individually manage and maintain. Directly aimed at competitors like Palo Alto; even in the cloud. As frequently as daily updates.
  • Slide 2: Fully Integrated: Policies, Encryption. Slide 1: Show HIPAA regulations and SS numbers and Gov’t Reg’s moving into the appliance. One Click Policies: 100+ pre-defined policies for Comprehensive Coverage. Severity Based Remediation with integrated encryption.

Transcript

  • 1. Cisco Content Security. C97-567546-00 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1
  • 2. Web Security Product Overviews
  • 3. “Security is THE top issue for Cisco and many of the CIO’s in the industry. We are now putting the power of the entire company behind it. “This opens a big opportunity for Cisco and an opportunity for us to help our customers and we will fund it that way.” Source: Jan/Feb Birthday Chats, http://wwwin.cisco.com/chambers/past_events.shtml#pastTabs=1
  • 4. The Numbers Don’t Lie… Gartner estimates 17% growth in the secure web market to around $1B in total revenue for 2011. BlueCoat -> 9% decline in product revenue for FY2012; CEO’s stretch goal is to not have another decline in web security revenue this year. Websense -> 2% decline in bookings in North America 1H 2011; CEO’s stated goal is to have double digit bookings growth in FY11 (hint: the stock tanked 10% after he re-affirmed that statement). So how do you explain our two main competitors’ negative growth in such an attractive market? Cisco’s Web Security (WSA and ScanSafe) business grew 40% (again) this year to over $140M in FY11.
  • 5. What a Difference a Year Makes… 2010 2011
  • 6. Web: Enabling the Borderless Experience. HTTP Is the New TCP. Diagram labels: Applications and Data, Corporate Office, World Wide Web, Branch Office, Airport, Home Office, Mobile User, Coffee Shop, Attackers, Partners, Customers.
  • 7. Web Business Challenges: Acceptable Use Violations; Rising Malware Threats; Data Loss; Lack of Control over SaaS Policy.
  • 8. Mobility: Multi-Dimensional Challenge. More People, Working from More Places, Using More Devices, Accessing More Diverse Applications and Passing Sensitive Data. Dimensions: Location, Device, Application.
  • 9. Acceptable Use Controls for Web 2.0: Cisco IronPort Web Usage Controls. Enforce Acceptable Use Policies: reduce productivity loss; reduce risk of legal liabilities; control Web 2.0 traffic and web applications; control bandwidth intensive streaming media traffic. URL Filtering: URL database covering over 50M sites worldwide; real-time on-box dynamic categorization for unknown URLs; auto update every five minutes. Application Visibility and Control: deep application control, e.g., IM, Facebook, WebEx; bandwidth control for streaming media; site content ratings.
  • 10. Cisco Web Security Portfolio: Enabling a Business Class Web. Form Factor Choice. Premise: Cisco IronPort S-Series: High-performance, integrated Web security appliance; automatic updates; centralized management & reporting. Cloud: ScanSafe: Proven multi-tenant cloud Web security platform; global data center footprint; 100% uptime track record. Hybrid Web Security (Future). Protect from Malware; Enforce Acceptable Use; Enable Visibility & Control; Prevent Data Loss.
  • 11. Positioning Guide for WSA and ScanSafe. Both: Malware Protection (zero-day + signature scanning); URL Filtering with Dynamic Categorization; Centralized Policy Management & Reporting; AnyConnect Secure Mobility. WSA: one or two egress points; anti-cloud; Application Visibility & Control; local caching and logging (integration with SIEM); integration with Enterprise DLP (Symantec Vontu, RSA Tablus); reporting. ScanSafe: large number of egress points (branch locations going direct to internet); general desire to move to the cloud / use other cloud services; large mobile population – AnyConnect integration; large ISR G2 deployment or refresh – ISR G2 integration.
  • 12. 30% Global Email Traffic; 7B New URLs Tracked per Day; 500 GB Data Processed per Day; 200 Parameters Tracked; 1M Email Rules per Day; Advanced Heuristics; Enable Secure X
  • 13. Cisco IronPort Web Security Appliance: Industry Leading Secure Web Gateway. Security: Malware Protection, Data Security. Internet. Control: Acceptable Use Controls, SaaS Access Controls. Centralized Management and Reporting.
  • 14. Global Datacenter Footprint
  • 15. ScanSafe Product Overview
  • 16. Why SaaS? SaaS offers lower TCO & improved security
  • 17. Case Study - General Electric. Vertical: Manufacturing; 12th in Fortune Global 500; 270K users worldwide. Challenges: hugely decentralized, non-stand network; 64 Internet gateways; 47 geographic regions; 300+ incumbent proxy servers. Requirements: flexible deployment options; integration into global SSO; protection for more than 100K mobile users. Sidebar labels: Market Leadership, Customers, Awards, Partners.
  • 18. What a Difference a Year Makes… 2010 2011
  • 19. Solution Overview
  • 20. Global Datacenter Footprint
  • 21. Content Control – Web 2.0. Web 2.0 blurs boundary between good and bad: multiple Web sources on a single page; social networking; user generated content. URL filtering no longer effective: either “over block” or “under block”, especially for “short lived” websites such as proxy avoidance and illegal activities. Requires dynamic classification, search engine analysis & content control. However, true Web security requires real-time content analysis.
  • 22. Zero-hour Protection - Outbreak Intelligence
  • 23. 30% Global Email Traffic; 7B New URLs Tracked per Day; 500 GB Data Processed per Day; 200 Parameters Tracked; 1M Email Rules per Day; Advanced Heuristics; Enable Secure X
  • 24. Outbreak Intelligence - The Results. Chart: percentage of malware blocks; annotations: Multiple injection attacks, Gumblar, Zeus Botnet / Luckysploit.
  • 25. Roaming Web Security: Integrated with AnyConnect 3.0. Authenticates and directs your external client Web traffic to scanning infrastructure. Numerous datacenters are located all over the world, ensuring that your employees are never too far from our in-the-cloud scanning services. SSL-encryption of all Web traffic flowing to datacenters improves security over public networks.
  • 26. ScanSafe Deployment Methods: AnyConnect VPN; ISR G2; PIM – Passive Identity Management; Connector; Proxy Chain.
  • 27. ScanSafe Secure Mobility. Diagram labels: ScanSafe – Internet Traffic; VPN – Internal Traffic (optional); AnyConnect Web Security.
  • 28. ISR Web Security with Cisco ScanSafe: Secure Local Internet Access. Diagram labels: Internet, Cisco IOS Firewall, Cisco IOS IPS, Local LAN, Guest Users, POS, Wired Security Zone, Wireless Security Zone, Head Office.
  • 29. PIM - Passive Identity Management. Benefits: provides Active Directory user granularity and group policy enforcement; provides redundancy/fail over architecture via PAC; no Connector software required; supports Dynamic IP registration via DDNS; proven at-scale in the enterprise. Functionality: deployed via log-in script; browser connects directly to datacenters; no data is sent in the clear; user granularity information contained in the HTTP/HTTPS header. Diagram labels: ScanSafe, Firewall, Encrypted Header (user granularity) xss--3-Plel6UC8EGJdNQiG-Mfq.., Active Directory Server, Login Script, Set encrypted header, Client.
  • 30. Connector Deployment. Scanning Towers: Processing, Policy, Intelligence. Connector: Thin Agent; Any Windows Server; Tags Web Requests. Active Directory: flexible management & redundancy through GPO, PAC. Roaming Workers: Small Driver; Wi-Fi Protection.
  • 31. Proxy Chain Deployment - BlueCoat. Diagram labels: AD, BCAAA, Internet, ScanSafe Tower, BlueCoat, DMZ (steps 1 to 4). How it works: 1. Client request is directed to Local Proxy. 2. Authentication continues to be managed on Blue Coat via BCAAA and AD integration. 3. External non-cached content requests are sent to ScanSafe tower via x-forwarded-for headers from Blue Coats. 4. Content is served back via Local Proxy. Benefits: 1. No user data is sent in the clear. 2. Provides user granularity and group policy enforcement. 3. Outbreak Intelligence and 2nd Commercial A/V Engine added. 4. Provides redundancy/fail over architecture via PAC and proven at-scale in the enterprise. 5. Reports delivered in seconds and over 80 attributes stored for every Web request. Assumption: 1. BCAAA to be installed and configured within the Active Directory environment.
  • 32. Case Study - General Electric. Vertical: Manufacturing; 12th in Fortune Global 500; 270K users worldwide. Challenges: hugely decentralized, non-stand network; 64 Internet gateways; 47 geographic regions; 300+ incumbent proxy servers. Requirements: flexible deployment options; integration into global SSO; protection for more than 100K mobile users.
  • 34. Cisco IronPort Email Security. © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 40
  • 35. This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Cisco. The Magic Quadrant is copyrighted 2011 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. Magic Quadrant for Secure Email Gateways, August 10, 2011. Peter Firstbrook, Eric Ouellet.
  • 36. Multi-layered Inbound Protection. Inbound: Reputation Filtering, Anti-Spam, Anti-Virus, Virus Outbreak Filters. AsyncOS™ MTA Platform. Outbound: Encryption, Remediation, DLP, Content Filter.
  • 37. Cisco IronPort SenderBase: Breadth and Quality of Data Makes the Difference. IP Blacklists & Whitelists: SpamCop, SpamHaus (SBL), NJABL, Bonded Sender. Domain Blacklist & Safelists: spamvertized URLs, phishing URLs, spyware sites. Complaint Reports: spam, phishing, virus reports. Spam Traps: SpamCop, ISPs, customer contributions. Compromised Host Lists: SORBS, OPM, DSBL. Message Composition Data: message size, attachment volume, attachment types, URLs, host names. Web Site Composition Data: downloaded files, linking URLs, threat heuristics. Global Volume Data: over 100,000 organizations, email traffic, web traffic. Other Data: Fortune 1000, length of sending history, location, where the domain is hosted, how long has it been registered, how long has the site been up.
  • 38. 30% Global Email Traffic; 7B New URLs Tracked per Day; 500 GB Data Processed per Day; 200 Parameters Tracked; 1M Email Rules per Day; Advanced Heuristics; Enable Secure X
  • 39. Anti-Spam Architecture: Defense In-depth. Multi-layer Spam Defense. SenderBase Reputation Filtering: block 90% of spam. Cisco IronPort Anti-Spam (Who? How? What? Where? Score): >99% catch rate; < 1 in 1 mil false positives.
  • 40. Anti-Spam Architecture: Defense In-depth. Multi-layer Virus Defense: Virus Outbreak Filters; Cisco IronPort Anti-Virus. Figure labels: .zip (exe); Size 50 to 55KB; Size 50 to 55KB, “Price” in the filename.
  • 41. Outbreak Filters: Dynamic Quarantine. Diagram labels: Internet, Email Security, Inbox, Targeted Attack Filter, Rule Sets, Cisco Security Intelligence Operations, Dynamic Quarantine. Questions: Are the message attributes associated with an emerging botnet? Can we detect more messages like this one? Has the target website changed since the email was received?
  • 42. User Experience: Protection Beyond the Click. Link is clicked; Block malware payload via HTTP; Website is clean.
  • 43. Multi-layered Outbound Protection. Inbound: Reputation Filtering, Anti-Spam, Anti-Virus, Virus Outbreak Filters. AsyncOS™ MTA Platform. Outbound: Encryption, Remediation, DLP, Content Filter.
  • 44. Data Loss Prevention: Variety of Policies
  • 45. Data Loss Prevention: Full Contextual Analysis. Accurate; Comprehensive; Integrated. Sample message: jsmith@acme.com, Prescription for J Smith. We need to fax the following prescription information for Roger McMillan FEXOFENANDINE (ALLEGRA) 180 MG TABLET Dosage: Take 1 tablet by mouth daily Prescribed by Dr. Joseph A. Kennedy, MD on 7/22/10 Please delivery to pharmacy stat. SSN: 331075839 Name: Roger McMillan Medical Record: 06135443 Primary Care Provider: Blue Cross Blue Shield CA Clinic: Stanford Hospital Address: 177 Bovet Road San Mateo, CA 94402. Callouts: Proper name detection; SSN Numbers; Matches are found in close proximity; Rule is matched multiple times to increase score; Unique rule matches are met.
  • 46. Identity-Based Secure Messaging: Integrated into the Network. Secure Confidential Guaranteed Read Email Recall Receipts Forwarding
  • 47. Email Recipient: Quick & Easy Access to Content. Secure Messaging: Easy for Receiver. Steps 1 to 4: Encrypted Message Arrives; One Click Extracts Message; Message is Available; Recipient can Reply with an Encrypted Message.
  • 48. Encryption: Visibility and Control. Guaranteed Expiration; Guaranteed Read Receipt; Guaranteed Recall.
  • 49. Leadership with Choice. On-Premises: Award-Winning Technology. Cloud: Dedicated SaaS Instances. Hybrid: Best of Both Worlds. Managed: Fully Managed on Premises. Backed by Service Level Agreements.
  • 50. Thank you.