ScanSafe 2012

GTRI ScanSafe Slide Deck

  1. Cisco Content Security. C97-567546-00 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential
  2. Web Security Product Overviews
  3. “Security is THE top issue for Cisco and many of the CIO’s in the industry. We are now putting the power of the entire company behind it. “This opens a big opportunity for Cisco and an opportunity for us to help our customers and we will fund it that way.” Source: Jan/Feb Birthday Chats http://wwwin.cisco.com/chambers/past_events.shtml#pastTabs=1
  4. The Numbers Don’t Lie… Gartner estimates 17% growth in the secure web market to around $1B in total revenue for 2011 · BlueCoat -> 9% decline in product revenue for FY2012, CEO’s stretch goal is to not have another decline in web security revenue this year · Websense -> 2% decline in bookings in North America 1H 2011, CEO’s stated goal is to have double digit bookings growth in FY11 (hint: the stock tanked 10% after he re-affirmed that statement) So how do you explain our two main competitors’ negative growth in such an attractive market? Cisco’s Web Security (WSA and ScanSafe) business grew 40% (again) this year to over $140M in FY11.
  5. What a Difference a Year Makes… 2010 2011
  6. Web: Enabling the Borderless Experience HTTP Is the New TCP Applications and Data Corporate Office wWw World Wide Web Branch Office Airport Home Office Mobile User Coffee Attackers Partners Customers Shop
  7. Web Business Challenges Acceptable Rising Data Lack of Use Malware Loss Control over Violations Threats SaaS Policy
  8. Mobility: Multi-Dimensional Challenge Location More People, Working from More Places, Device Using More Devices, Accessing More Diverse Applications and Passing Sensitive Data Application
  9. Acceptable Use Controls for Web 2.0 Cisco IronPort Web Usage Controls Enforce Acceptable URL Filtering • URL database covering over 50M sites worldwide Use Policies • Real-time on-box dynamic • Reduce productivity loss categorization for unknown URLs • Reduce risk of legal liabilities • Auto update every five minutes • Control Web 2.0 traffic and web applications Application Visibility and Control • Control bandwidth intensive • Deep application control, streaming media traffic e.g., IM, Facebook, WebEx • Bandwidth control for streaming media • Site content ratings
  10. Cisco Web Security Portfolio Enabling a Business Class Web Premise Form Factor Choice Cloud • Cisco IronPort S-Series: High- • ScanSafe: Proven multi-tenant performance, integrated Web cloud Web security platform security appliance • Global data center footprint • Automatic updates • 100% uptime track record • Centralized management & reporting Hybrid Web Security (Future) Protect Enforce Enable Prevent from Malware Acceptable Use Visibility & Control Data Loss
  11. Positioning Guide for WSA and ScanSafe WSA Malware Protection (zero-day + signature scanning) URL Filtering with Dynamic Categorization Centralized Policy Management & Reporting AnyConnect Secure Mobility • One or two egress points • Large number of egress points (branch • Anti-cloud locations going direct to internet) • Application Visibility & Control • General desire to move to the cloud / use other cloud services • Local caching and logging (integration with SIEM) • Large mobile population – AnyConnect integration • Integration with Enterprise DLP (Symantec Vontu, RSA Tablus) • Large ISR G2 deployment or refresh – ISR G2 integration • Reporting
  12. 30% Global Email Traffic 7B New URLs Tracked per Day 500 GB Data Processed per Day 200 Parameters Tracked 1M Email Rules per Day Advanced Heuristics Enable Secure X
  13. Cisco IronPort Web Security Appliance Industry Leading Secure Web Gateway Security Malware Protection Data Security Internet Control Acceptable Use Controls SaaS Access Controls Centralized Management and Reporting
  14. Global Datacenter Footprint
  15. ScanSafe Product Overview
  16. Why SaaS? SaaS offers lower TCO & improved security
  17. Market Leadership Customers Vertical: Manufacturing Challenges 12th in Fortune Global 500 Hugely decentralized, non-stand network 270K users worldwide • 64 Internet gateways • 47 geographic regions • 300+ incumbent proxy Awards servers Requirements • Flexible deployment options • Integration into global SSO • Protection for more than Partners 100K mobile users Case Study - General Electric
  18. What a Difference a Year Makes… 2010 2011
  19. Solution Overview
  20. Global Datacenter Footprint
  21. Content Control – Web 2.0 • Web 2.0 blurs boundary between good and bad Multiple Web sources on a single page Social Networking User generated content • URL filtering no longer effective Either “over block” or “under block” Especially for “short lived” websites such as proxy avoidance and illegal activities • Requires dynamic classification, search engine analysis & content control • However, true Web security requires real-time content analysis
  22. Zero-hour Protection - Outbreak Intelligence
  23. 30% Global Email Traffic 7B New URLs Tracked per Day 500 GB Data Processed per Day 200 Parameters Tracked 1M Email Rules per Day Advanced Heuristics Enable Secure X
  24. Outbreak Intelligence - The Results Multiple injection Gumblar attacks Zeus Botnet / Percentage of malware blocks Luckysploit
  25. Roaming Web Security Integrated with AnyConnect 3.0 Authenticates and directs your external client Web traffic to scanning infrastructure. Numerous datacenters are located all over the world ensuring that your employees are never too far from our in-the-cloud scanning services. SSL-encryption of all Web traffic flowing to datacenters improves security over public networks.
  26. ScanSafe Deployment Methods • AnyConnect VPN • ISR G2 • PIM – Passive Identity Management • Connector • Proxy Chain
  27. ScanSafe Secure Mobility ScanSafe Internet Traffic VPN – Internal Traffic (optional) AnyConnect Web Security
  28. ISR Web Security with Cisco ScanSafe Secure Local Internet Access Internet Cisco IOS Firewall Cisco IOS IPS Local Guest POS LAN Users Wired Security Zone Wireless Security Zone Head Office
  29. PIM - Passive Identity Management Benefits • Provides Active Directory user granularity ScanSafe and group policy enforcement • Provides redundancy/fail over architecture via PAC • No Connector software required Firewall • Supports Dynamic IP registration via Encrypted Header (user granularity) DDNS xss--3-Plel6UC8EGJdNQiG-Mfq.. • Proven at-scale in the enterprise • Functionality Active Directory Server • Deployed via log-in script Set encrypted header Login • Browser connects directly to datacenters Script • No data is sent in the clear • User granularity information contained in Client Client Client the HTTP/HTTPS header
  30. Connector Deployment • Processing • Policy • Thin Agent • Intelligence • Any Windows Server • Tags Web Requests Connect or Active Directory: Scanning Towers Flexible management & redundancy through GPO, PAC • Small Driver • Wi-Fi Protection Roaming Workers
  31. Proxy Chain Deployment - BlueCoat AD BCAAA Internet 2 3 1 ScanSafe Tower BlueCoat 4 • How it works DMZ 1. Client request is directed to Local Proxy 2. Authentication continues to be managed on Blue Coat via BCAAA and AD integration 3. External non-cached content requests are sent to ScanSafe tower via x-forwarded-for headers from Blue Coats 4. Content is served back via Local Proxy • Benefits 1. No user data is sent in the clear 2. Provides user granularity and group policy enforcement 3. Outbreak Intelligence and 2nd Commercial A/V Engine added 4. Provides redundancy/fail over architecture via PAC and proven at-scale in the enterprise 5. Reports delivered in seconds and over 80 attributes stored for every Web request • Assumption 1. BCAAA to be installed and configured within the Active Directory environment.
  32. Case Study - General Electric Challenges Vertical: Manufacturing Hugely decentralized, non-stand network 12th in Fortune Global 500 64 Internet gateways 270K users worldwide 47 geographic regions 300+ incumbent proxy servers Requirements Flexible deployment options Integration into global SSO Protection for more than 100K mobile users
  34. Cisco IronPort Email Security. © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
  35. This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Cisco. The Magic Quadrant is copyrighted 2011 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. Magic Quadrant for Secure Email Gateways August 10, 2011. Peter Firstbrook, Eric Ouellet.
  36. Multi-layered Inbound Protection Inbound Reputation Virus Outbreak Filtering Anti-Spam Anti-Virus Filters Asyncos™ MTA Platform Encryption Remediation DLP Content Filter Outbound
  37. Cisco IronPort SenderBase Breadth and Quality of Data Makes the Difference SpamCop, SpamHaus (SBL), NJABL, Bonded Sender Spamvertized URLs, Spam, phishing, Complaint IP Blacklists & Domain Blacklist phishing URLs, virus reports Reports Whitelists & Safelists spyware sites SpamCop, ISPs, customer Compromised SORBS, OPM, Spam Traps contributions Host Lists DSBL Message size, Downloaded Message Web Site attachment volume, files, linking attachment types, Composition Composition URLs, threat URLs, host names Data Data heuristics Global Volume Data Other Data Over 100,000 organizations, Fortune 1000, length of email traffic, sending history, location, web traffic where the domain is SenderBase hosted, how long has it been registered, how long has the site been up
  38. 30% Global Email Traffic 7B New URLs Tracked per Day 500 GB Data Processed per Day 200 Parameters Tracked 1M Email Rules per Day Advanced Heuristics Enable Secure X
  39. Anti-Spam Architecture: Defense In-depth Multi-layer Spam Defense Senderbase Cisco IronPort Anti-Spam Reputation Filtering Who? How? Score What? Where? Block 90% of Spam >99% Catch Rate < 1 in 1 mil False Positives
  40. Anti-Spam Architecture: Defense In-depth Multi-layer Virus Defense Virus Outbreak Filters Anti-Virus Cisco IronPort Anti-Virus 0 5 15 . zip (exe) Size 50 to 55KB Size 50 to 55KB “Price” in the filename
  41. Outbreak Filters: Dynamic Quarantine Internet Email Security Inbox Targeted Attack Filter Are Can the target website Has message attributes the we detect more changed since the an associated like this messages with email emerging botnet? was one? received? Rule Sets Cisco Security Dynamic Intelligence Operations Quarantine
  42. User Experience: Protection Beyond the Click Link is clicked Block malware payload via HTTP Website is clean
  43. Multi-layered Outbound Protection Inbound Reputation Anti-Spam Anti-Virus Virus Outbreak Filtering Filters Asyncos™ MTA Platform Encryption Remediation DLP Content Filter Outbound
  44. Data Loss Prevention: Variety of Policies
  45. Data Loss Prevention: Full Contextual Analysis Accurate jsmith@acme.com Comprehensive Prescription for J Smith Proper name Integrated We need to fax the following prescription information for Roger McMillan FEXOFENANDINE (ALLEGRA) 180 MG TABLET detection Dosage: Take 1 tablet by mouth daily Prescribed by Dr. Joseph A. Kennedy, MD on 7/22/10 Please delivery to pharmacy stat. SSN: 331075839 SSN Numbers Matches are found Name: Roger McMillan in close proximity Medical Record: 06135443 Primary Care Provider: Blue Cross Blue Shield CA Clinic: Stanford Hospital Rule is matched Address: multiple times to Unique rule matches 177 Bovet Road increase score San Mateo, CA 94402 are met
  46. Identity-Based Secure Messaging: Integrated into the Network Secure Confidential Guaranteed Read Email Recall Receipts Forwarding
  47. Email Recipient: Quick & Easy Access to Content Secure Messaging: Easy for Receiver 1 2 3 Encrypted Message Arrives One Click Extracts Message 4 Message is Available Recipient can Reply with an Encrypted Message
  48. Encryption: Visibility and Control Guaranteed Expiration Guaranteed Read Receipt Guaranteed Recall
  49. Leadership with Choice On-Premises Cloud Hybrid Managed Award-Winning Dedicated SaaS Best of Both Fully Managed Technology Instances Worlds on Premises Backed by Service Level Agreements
  50. Thank you.