Presentation cisco iron port email & web security

Ciscc 1© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco IronPort
Email & Web Security
Greg Griessel
Consulting Systems Engineer - Security
greggr@cisco.com

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2Cisco
EMAIL
Security Gateway
Application-Specific Security Gateways
SECURITY
MANAGEMENT
Appliance
Internet
WEB
Security Gateway
SensorBase
(The Common
Security Database)
APPLICATION-SPECIFIC
SECURITY GATEWAYS
BLOCK Incoming Threats:
 Spam, Phishing/Fraud
 Viruses, Trojans, Worms
 Spyware, Adware
 Unauthorized Access

Email Security, 2010
The Magic Quadrant is copyrighted 2010 by
Gartner, Inc. and is reused with permission.
The Magic Quadrant is a graphical
representation of a marketplace at and for a
specific time period. It depicts Gartner’s
analysis of how certain vendors measure
against criteria for that marketplace, as
defined by Gartner. Gartner does not endorse
any vendor product or service depicted in the
Magic Quadrant, and does not advise
technology users to select only those vendors
placed in the "Leaders” quadrant. The Magic
Quadrant is intended solely as a research
tool, and is not meant to be a specific guide
to action. Gartner disclaims all warranties,
express or implied, with respect to this
research, including any warranties of
merchantability or fitness for a particular
purpose.
This Magic Quadrant graphic was published
by Gartner, Inc. as part of a larger research
note and should be evaluated in the context
of the entire report. The Gartner report is
available upon request from Cisco.

Secure Web Gateway, 2011
The Magic Quadrant is copyrighted 2011 by
Gartner, Inc. and is reused with permission.
The Magic Quadrant is a graphical
representation of a marketplace at and for a
specific time period. It depicts Gartner’s
analysis of how certain vendors measure
against criteria for that marketplace, as
defined by Gartner. Gartner does not endorse
any vendor product or service depicted in the
Magic Quadrant, and does not advise
technology users to select only those vendors
placed in the "Leaders” quadrant. The Magic
Quadrant is intended solely as a research
tool, and is not meant to be a specific guide
to action. Gartner disclaims all warranties,
express or implied, with respect to this
research, including any warranties of
merchantability or fitness for a particular
purpose.
This Magic Quadrant graphic was published
by Gartner, Inc. as part of a larger research
note and should be evaluated in the context
of the entire report. The Gartner report is
available upon request from Cisco.

Cisco IronPort
Email Security

Cisco Confidential 6© 2010 Cisco and/or its affiliates. All rights reserved. Cisco
Junk Mail
Viruses Regulations
Privacy & Control

Cisco Confidential 7© 2010 Cisco and/or its affiliates. All rights reserved. CiscoSource: Cisco Threat Operations Center
More and more targeted attacks
0
50
100
150
200
250
300
2006 2007 2008 2009 2010
Daily Spam Volume (Billion)
Targeted Attacks
Spam

• Statistics on more than 30% of
the world’s e-mail traffic
• New threats & alerts detection
• More than 200 parameters to build
reputation scores
• Data Volume
• Message Structure
• Complaints
• Blacklists, whitelists
• Off-line data
Reputation Score
Reputation Score
• URL blacklists & whitelists
• HTML Content
• Domain Info
• Known “bad” URLs
• Website history…
E-Mail Reputation Filters
Web Reputation Filters

Management
Cisco IronPort Email Security Appliance
Virus
Defense
CISCO IRONPORT ASYNCOS
EMAIL PLATFORM
Data Loss
Prevention
Secure
Messaging
INBOUND
SECURITY
OUTBOUND
CONTROL
MAIL TRANSFER
AGENT
Spam
Defense

For Security, Reliability and Lower Maintenance
After Cisco IronPort
Groupware
Firewall
Internet
Before Cisco IronPort
Anti-Spam
Anti-Virus
Policy Enforcement
Mail Routing
Internet
Firewall
Groupware
Users
Encryption Platform
MTA
DLP
Scanner
DLP Policy
Manager
Users

Management
Virus
Defense
EMAIL PLATFORM
Data Loss
Prevention
Secure
Messaging
INBOUND
SECURITY
OUTBOUND
CONTROL
MAIL TRANSFER
AGENT
Spam
Defense

Revolutionary Email Delivery Platform
Traditional Email Gateways
and Other Appliances
Cisco IronPort Email Security
Appliances
200
Connections
Low Performance/
Peak Delivery Issue
Disk I/O
Bottlenecks
Unable To Leverage
Full Capability
Components
CPU Limited Solely
By CPU Capacity
1K – 10K
Connections
High Performance/
Sure Delivery

Management
EMAIL PLATFORM
Data Loss
Prevention
Secure
Messaging
INBOUND
SECURITY
OUTBOUND
CONTROL
MAIL TRANSFER
AGENT
Spam
Defense
Virus
Defense

Spam Blocked Before
Entering Network
> 99% Catch Rate
< 1 in 1 million
False Positives
IronPort Anti-SpamSensorBase
Reputation Filtering
Who? How?
What?Where?
Verdict

• Known good
is delivered
• Suspicious
is rate limited
& spam filtered
• Known bad is
blocked
IronPort
Anti-Spam
Incoming Mail
Good, Bad, and
Unknown Email
Reputation
Filtering
Cisco’s Internal
Email Experience:
Message Category % Messages
Stopped by Reputation Filtering 93.1% 700,876,217
Stopped as Invalid recipients 0.3% 2,280,104
Spam Detected 2.5% 18,617,700
Virus Detected 0.3% 2,144,793
Stopped by Content Filter 0.6% 4,878,312
Total Threat Messages: 96.8% 728,797,126
Clean Messages 3.2% 24,102,874
Total Attempted Messages: 752,900,000
Real Time Threat Prevention

Management
Virus
Defense
EMAIL PLATFORM
Data Loss
Prevention
Secure
Messaging
INBOUND
SECURITY
OUTBOUND
CONTROL
MAIL TRANSFER
AGENT
Spam
Defense

The First Line of Defense
Early Protection
with
IronPort Virus
Outbreak Filters

Outbreak Filtering in Action
Cisco SIO
Verdict: Suspect IP / URL
Action: Send to Cloud
Verdict: Malicious Content
Action: STOP

Zero Hour Malware Prevention and AV Scanning
Virus Outbreak Filters Anti-Virus
T = 0
-zip (exe) files
T = 5 mins
-zip (exe) files
-Size 50 to 55 KB
T = 15 mins
-zip (exe) files
-Size 50 to 55KB
-“Price” in the
filename
An analysis over one year:
Average lead time …………………………over 13 hours
Outbreaks blocked ………………………291 outbreaks
Total incremental protection ……………. over 157 days

Management
EMAIL PLATFORM
Data Loss
Prevention
Secure
Messaging
INBOUND
SECURITY
OUTBOUND
CONTROL
MAIL TRANSFER
AGENT
Spam
Defense
Virus
Defense

Top Risk: Employees Biggest Impact: Customer Data
12%
10%
5%
4% 7%
Personal client
information
44%
21%
4% 8% 4%
Intellectual Property
Personnel Information
Information marked
Confidential
Top Data Loss Types

Comprehensive, Accurate, Easy
Comprehensive
 100+ Pre-defined templates
 Regulatory compliance
 Multiple parameters
 Key words, proximity, etc.
Accurate
 One-click activation
 Policy enable/disable
Easy

“RSA has strong described content capabilities enabled by a
formal knowledge-engineering process” - Gartner
 Ranked as “Leader” in
Gartner Magic Quadrant
 Focus on accuracy:
large research team
staffed specifically to write
and refine content polices

 Reports by severity
and policy
 Real time and
scheduled reports
available

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 26
Cisco
Instant Deployment, Zero Management Cost
 Automated key management
 No desktop software requirements
 No new hardware required
Gateway encrypts
message
Message pushed to
recipient
Cisco Registered Envelope Service
User opens secured
message in browser
User authenticates and
receives message key
Key is stored
Decrypted
message is displayed

Cisco
No Forwarding
Allowed without
Permission
Confidential Contents
Guaranteed
Recall
Guaranteed Read
Receipts
Message Expiry

Protect Company
From Identity
Data Leaks
Protect Employees
From Identity Stealing
Malware and Phishing
Inbound Security Outbound ControlCisco IronPort Email
Security Solution
Anti-Spam
• SensorBase Reputation Filtering
• IronPort Anti-Spam
RSA Email DLP
• 100+ predefined DLP policies
• Accurate
• Easy to Implement
Anti-Virus
• Virus Outbreak Filters (VOF)
• McAfee Anti-Virus
• Sophos Anti-Virus
Encryption
• Secure Message Delivery
• Transport Layer Security

Management
EMAIL PLATFORM
Data Loss
Prevention
Secure
Messaging
INBOUND
SECURITY
OUTBOUND
CONTROL
MAIL TRANSFER
AGENT
Spam
Defense
Virus
Defense

Cisco
Single view of policies for the entire organization
• Mark and Deliver Spam
• Delete Executables
• Archive all mail
• Virus Outbreak Filters
disabled for .doc files
• Allow all media files
• Quarantine executables
IT
SALES
LEGAL
with Delegated Administration
Global
Administrator
Read-OnlyOperator Helpdesk PCI Auditor PCI Supervisor……..

Email Volumes
Spam Counters
Policy Violations
Virus Reports
Outgoing Email Data
Reputation Service
System Health View
 Single view
across the
organization
 Real Time
insight into
email traffic and
security threats
 Actionable drill
down reports
Multipledatapoints
Consolidated Reports
Unified Business Reporting

Fully Managed
on Premises
Managed
Award-Winning
Technology
Appliances
Backed by Service Level Agreements
Dedicated
SaaS
Infrastructure
Hosted
Best of Both
Worlds
Hybrid Hosted

Cisco IronPort
Web Security

Acceptable
Use Control
Malware
Protection
Data Loss
Prevention
Policy
SaaS Access
Control

Industry Leading Secure Web Gateway
Control
Security
Acceptable
Use Controls
Malware
Protection
Data
Security
SaaS Access
Controls
Centralized Management and Reporting
InternetSecure Mobility

80% of the web is uncategorized,
highly dynamic or unreachable by
web crawlers
 Botnets
 Dynamic content
 Password protected sites
 User generated content
 Short life sites
The Known Web
20% covered by URL lists
Acceptable
Use Controls
Malware
Protection
Data
Security
SaaS Access
Controls
Danger
Danger

URL Keyword Analysis
www.casinoonthe.net/
Gambling
 Industry-leading URL
database efficacy
• 65 categories
• Updated every 5 minutes
 Dynamic categorization
identifies more than 90%
of Dark Web content in
commonly blocked
categories
Uncategorized
Dynamic Content Analysis Engine
GamblingAnalyze Site Content
Real-time Dynamic
Content Analysis
URL Lookup in Database
www.sportsbook.com/
Gambling
URL Database
Uncategorized

Control
Acceptable
Use Controls
Data
Security
SaaS Access
Controls
Security
Malware
Protection

• 237% volume increase in ‘09
• Over 70% of compromised web sites are
legitimate
• Vulnerabilities in Adobe PDF emerged as
the main target, followed by Flash
 54% of malware encounters due to
iframes and exploits
 Cross-Site Scripting and SQL Injection
are top attack methods
 83% of websites have at least 1
serious vulnerability

BoingBoing.net: A Popular Blog
• URLs in browser: 1
• HTTP Gets: 162
• Images: 66
from 18 domains including
5 separate 1x1 pixel invisible
tracking images
• Scripts: 87 from 7 domains
• Cookies: 118 from
15 domains
• 8 Flash objects from
4 domains

BoingBoing.net: A Popular Blog

Cisco
Cisco Network and Content Security Deployments
Predictive, Zero-day Protection
Cisco
SensorBase
Threat Operations
Center
Advanced
Algorithms
Web Reputation Scores
-10 to +10
Cisco Security Intelligence Operations
Threat
Telemetry
Threat
Telemetry
Outbreak Intelligence
External
Feeds
Identifying Malware
Lurking in the Dark Web

New York Times: Victim of an Advertiser Attack!
• Seemingly legitimate ad turned
malicious causing 3 redirects
• Ultimate destination:
protection-check07.com
Drive By Scareware
Full-screen pop-up simulates real
AV software, asks user to buy full
version to clean machine.
Cisco Web Rep Score: -9.3
Default Action: BLOCK
NYT site allowed but
malicious redirect blocked

Dynamic Vectoring and Streaming
Signature and Heuristic Analysis
 Wide coverage with
multiple signature
scanning engines
 Identify encrypted
malicious traffic by
decrypting and scanning
SSL traffic
 Seamless user
experience with parallel
scanning
 Latest coverage with
automated updates
Heuristics Detection
Identify unusual behaviors
DVS Engine
Parallel Scans, Stream Scanning
Signature Inspection
Identify known behaviors

Internet
Users
Cisco
IronPort
S-Series
Network
Layer
Analysis
Powerful
Anti-Malware Data
Preventing
“Phone-Home” Traffic
 Scans all traffic, all ports, all
protocols
 Detects malware bypassing Port 80
 Prevents Botnet traffic
 Automatically updated rules
 Real-time rule generation using,
“Dynamic Discovery”
Layer 4 Traffic Monitor
Packet and
Header
Inspection
Also available on the ASA as Botnet Traffic Filter

Acceptable
Use Controls
SaaS Access
Controls
Security
Malware
Defense
Control
Data
Security

Documents
 Allow, block, log based on file metadata, URL category, user and
web reputation
 Multi-protocol: HTTP(s), FTP, HTTP tunneled
Documents
On-Box Common Sense Security
DLP Vendor Box
Internet
Partner site
Webmail
Internet
 Deep content inspection: Structured and unstructured data matching
 Performance optimized: Works in tandem with accelerated on-box policies
Log
Allow
Block
Log
Allow
Block
Off-Box Advanced Data Security

Control
Data
Security
Security
Malware
Defense
Acceptable
Use Controls
SaaS Access
Controls

Identity
Job Sites
Instant Message
P2P
Streaming
Media
Human
Resource
No File
Transfer
All
100 kbps/User
Facebook Lunch hour
Time
Object
Application
Location
Priority

 Granular control over
HTTP, HTTP(s), FTP
applications
 Dynamic signature
updates maintained
by Cisco SIO
Granular Control over Application Usage
Employee in
Finance
Access Control Policy Access Control Violation
Instant Messaging
Facebook: Limited Apps
Video: 512 kbps max
File Transfer over IM
Facebook Chat, Email
P2P

Cisco
Block Malware like ‘Farm Town’ app ad that
redirects users to fake antivirus software
Allow/Block thousands of
Facebook Apps
Allow/Block
features like Chat,
Messaging, Video
& audio bandwidth

Control
Acceptable
Use Controls
Data
Security
Security
Malware
Defense
SaaS Access
Controls

Visibility | Centralized Enforcement | Single Source Revocation
Regaining Visibility and Control Through Identity
Branch
Office
Corporate
Office
Home
Office
SaaS
Single
Sign On
AnyConnect
Secure
Mobility Client
SaaS
Single
Sign OnRedirect @ Login
User Directory
No Direct Access
X

Control
Security
Acceptable
Use Controls
Malware
Defense
Data
Security
SaaS Access
Controls

On-Box Centralized
Reporting and Tracking
Centralized Management
Centralized Policy
Management
Delegated
Administration
Insight
Across Threats,
Data and Applications
Control
Consistent Policy Across Offices
and for Remote Users
Visibility
Visibility Across Different Devices,
Services, and Network Layers
In-Depth Threat
Visibility
Extensive Forensic
Capabilities
Security Management Appliance

Multi-Core
Optimization
Integrated Identity and
Authentication
NTLM/
Active
Directory
LDAP
Secure
LDAP
 Addresses latency issues associated
with anti-virus scanning
 Enables multi-scan features for
improved security efficacy
 Optimized for rich web content
 Identity Based Policies
 Transparent, single sign-on (SSO)
authentication against Active
Directory
 Guest Policies, Re-Auth

Customers
Awards
Partners
 Pioneer in SaaS Web Security
 Over 34% market share in SaaS Web
Security (IDC)
 Multi-award winning product portfolio
 Millions of users
 Billions of Web requests scanned every
day
 100% Availability

AnyConnect
Secure Mobility
Internet Traffic
VPN – Internal Traffic
(optional)
With AnyConnect 3.0

Cisco
Internet
Corporate Office
Blocked
URLs
Blocked
Files
Blocked
Content
Approved
Content
Branch/Retail
or Home Office
ISR G2 with
ScanSafe
Connector SW
RADIUS/
LDAP

Presentation cisco iron port email & web security

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to Presentation cisco iron port email & web security

Similar to Presentation cisco iron port email & web security (20)

More from xKinAnx

More from xKinAnx (20)

Recently uploaded

Recently uploaded (20)

Presentation cisco iron port email & web security