Presentation cisco iron port email & web security


  1. 1. Cisco IronPort Email & Web Security. Greg Griessel, Consulting Systems Engineer - Security, greggr@cisco.com. © 2010 Cisco and/or its affiliates. All rights reserved.
  2. 2. Application-Specific Security Gateways. Diagram labels: Internet; EMAIL Security Gateway; WEB Security Gateway; SECURITY MANAGEMENT Appliance; SensorBase (The Common Security Database). APPLICATION-SPECIFIC SECURITY GATEWAYS BLOCK Incoming Threats: • Spam, Phishing/Fraud • Viruses, Trojans, Worms • Spyware, Adware • Unauthorized Access. Cisco Confidential.
  3. 3. Cisco Email Security, 2010. The Magic Quadrant is copyrighted 2010 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner’s analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Cisco.
  4. 4. Cisco Secure Web Gateway, 2011. The Magic Quadrant is copyrighted 2011 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner’s analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Cisco.
  5. 5. Cisco IronPort Email Security
  6. 6. Junk Mail, Viruses, Regulations, Privacy & Control
  7. 7. More and more targeted attacks. [Chart: Daily Spam Volume (Billion), 2006 to 2010; series: Targeted Attacks, Spam.] Source: Cisco Threat Operations Center
  8. 8. • Statistics on more than 30% of the world’s e-mail traffic • New threats & alerts detection • More than 200 parameters to build reputation scores. E-Mail Reputation Filters (Reputation Score): • Data Volume • Message Structure • Complaints • Blacklists, whitelists • Off-line data. Web Reputation Filters (Reputation Score): • URL blacklists & whitelists • HTML Content • Domain Info • Known “bad” URLs • Website history…
  9. 9. Cisco IronPort Email Security Appliance. CISCO IRONPORT ASYNCOS EMAIL PLATFORM; MAIL TRANSFER AGENT. INBOUND SECURITY: Spam Defense, Virus Defense. OUTBOUND CONTROL: Data Loss Prevention, Secure Messaging. Management.
  10. 10. For Security, Reliability and Lower Maintenance. Before Cisco IronPort: Internet, Firewall, Anti-Spam, Anti-Virus, Policy Enforcement, Mail Routing, Encryption Platform, MTA, DLP Scanner, DLP Policy Manager, Groupware, Users. After Cisco IronPort: Internet, Firewall, Cisco IronPort Email Security Appliance, Groupware, Users.
  11. 11. Cisco IronPort Email Security Appliance. CISCO IRONPORT ASYNCOS EMAIL PLATFORM; MAIL TRANSFER AGENT. INBOUND SECURITY: Spam Defense, Virus Defense. OUTBOUND CONTROL: Data Loss Prevention, Secure Messaging. Management.
  12. 12. Revolutionary Email Delivery Platform. Traditional Email Gateways and Other Appliances: 200 Connections; Low Performance/Peak Delivery Issue; Disk I/O Bottlenecks; Unable To Leverage Full Capability Components; CPU. Cisco IronPort Email Security Appliances: Limited Solely By CPU Capacity; 1K – 10K Connections; High Performance/Sure Delivery.
  13. 13. Cisco IronPort Email Security Appliance. CISCO IRONPORT ASYNCOS EMAIL PLATFORM; MAIL TRANSFER AGENT. INBOUND SECURITY: Spam Defense, Virus Defense. OUTBOUND CONTROL: Data Loss Prevention, Secure Messaging. Management.
  14. 14. Spam Blocked Before Entering Network. SensorBase Reputation Filtering; IronPort Anti-Spam (Who? How? What? Where?); Verdict. > 99% Catch Rate; < 1 in 1 million False Positives.
  15. 15. Real Time Threat Prevention. Incoming Mail: Good, Bad, and Unknown Email. Reputation Filtering; IronPort Anti-Spam. • Known good is delivered • Suspicious is rate limited & spam filtered • Known bad is blocked. Cisco’s Internal Email Experience (Message Category: %, Messages): Stopped by Reputation Filtering: 93.1%, 700,876,217; Stopped as Invalid recipients: 0.3%, 2,280,104; Spam Detected: 2.5%, 18,617,700; Virus Detected: 0.3%, 2,144,793; Stopped by Content Filter: 0.6%, 4,878,312; Total Threat Messages: 96.8%, 728,797,126; Clean Messages: 3.2%, 24,102,874; Total Attempted Messages: 752,900,000.
  16. 16. Cisco IronPort Email Security Appliance. CISCO IRONPORT ASYNCOS EMAIL PLATFORM; MAIL TRANSFER AGENT. INBOUND SECURITY: Spam Defense, Virus Defense. OUTBOUND CONTROL: Data Loss Prevention, Secure Messaging. Management.
  17. 17. The First Line of Defense: Early Protection with IronPort Virus Outbreak Filters
  18. 18. Outbreak Filtering in Action. Cisco SIO. Verdict: Suspect IP / URL; Action: Send to Cloud. Verdict: Malicious Content; Action: STOP.
  19. 19. Zero Hour Malware Prevention and AV Scanning. Virus Outbreak Filters; Anti-Virus. T = 0: zip (exe) files. T = 5 mins: zip (exe) files; Size 50 to 55 KB. T = 15 mins: zip (exe) files; Size 50 to 55 KB; “Price” in the filename. An analysis over one year: Average lead time: over 13 hours; Outbreaks blocked: 291 outbreaks; Total incremental protection: over 157 days.
  20. 20. Cisco IronPort Email Security Appliance. CISCO IRONPORT ASYNCOS EMAIL PLATFORM; MAIL TRANSFER AGENT. INBOUND SECURITY: Spam Defense, Virus Defense. OUTBOUND CONTROL: Data Loss Prevention, Secure Messaging. Management.
  21. 21. Top Risk: Employees. Biggest Impact: Customer Data. [Chart: Top Data Loss Types; categories: Personal client information, Intellectual Property, Personnel Information, Information marked Confidential; values shown: 12%, 10%, 5%, 4%, 7%, 44%, 21%, 4%, 8%, 4%.]
  22. 22. Comprehensive, Accurate, Easy. Comprehensive: • 100+ Pre-defined templates • Regulatory compliance. Accurate: • Multiple parameters • Key words, proximity, etc. Easy: • One-click activation • Policy enable/disable.
  23. 23. Comprehensive, Accurate, Easy. Comprehensive: • 100+ Pre-defined templates • Regulatory compliance. Accurate: • Multiple parameters • Key words, proximity, etc. Easy: • One-click activation • Policy enable/disable.
  24. 24. “RSA has strong described content capabilities enabled by a formal knowledge-engineering process” - Gartner • Ranked as “Leader” in Gartner Magic Quadrant • Focus on accuracy: large research team staffed specifically to write and refine content policies
  25. 25. • Reports by severity and policy • Real time and scheduled reports available
  26. 26. Instant Deployment, Zero Management Cost • Automated key management • No desktop software requirements • No new hardware required. Diagram labels: Gateway encrypts message; Message pushed to recipient; Cisco Registered Envelope Service; User opens secured message in browser; User authenticates and receives message key; Key is stored; Decrypted message is displayed.
  27. 27. No Forwarding Allowed without Permission; Confidential Contents; Guaranteed Recall; Guaranteed Read Receipts; Message Expiry
  28. 28. Cisco IronPort Email Security Solution. Inbound Security (Protect Employees From Identity Stealing Malware and Phishing): Anti-Spam • SensorBase Reputation Filtering • IronPort Anti-Spam; Anti-Virus • Virus Outbreak Filters (VOF) • McAfee Anti-Virus • Sophos Anti-Virus. Outbound Control (Protect Company From Identity Data Leaks): RSA Email DLP • 100+ predefined DLP policies • Accurate • Easy to Implement; Encryption • Secure Message Delivery • Transport Layer Security.
  29. 29. Cisco IronPort Email Security Appliance. CISCO IRONPORT ASYNCOS EMAIL PLATFORM; MAIL TRANSFER AGENT. INBOUND SECURITY: Spam Defense, Virus Defense. OUTBOUND CONTROL: Data Loss Prevention, Secure Messaging. Management.
  30. 30. Single view of policies for the entire organization with Delegated Administration. Policies (IT, SALES, LEGAL): • Mark and Deliver Spam • Delete Executables • Archive all mail • Virus Outbreak Filters disabled for .doc files • Allow all media files • Quarantine executables. Roles: Global Administrator, Read-Only Operator, Helpdesk, PCI Auditor, PCI Supervisor…
  31. 31. Unified Business Reporting. Multiple data points: Email Volumes, Spam Counters, Policy Violations, Virus Reports, Outgoing Email Data, Reputation Service, System Health View. Consolidated Reports: • Single view across the organization • Real Time insight into email traffic and security threats • Actionable drill down reports.
  32. 32. Managed: Fully Managed on Premises. Appliances: Award-Winning Technology. Hosted: Dedicated SaaS Infrastructure. Hybrid Hosted: Best of Both Worlds. Backed by Service Level Agreements.
  33. 33. Cisco IronPort Web Security
  34. 34. Acceptable Use Control, Malware Protection, Data Loss Prevention, Policy, SaaS Access Control
  35. 35. Industry Leading Secure Web Gateway. Control; Security. Acceptable Use Controls, Malware Protection, Data Security, SaaS Access Controls. Centralized Management and Reporting. Internet; Secure Mobility.
  36. 36. 80% of the web is uncategorized, highly dynamic or unreachable by web crawlers: • Botnets • Dynamic content • Password protected sites • User generated content • Short life sites. The Known Web: 20% covered by URL lists. Diagram labels: Acceptable Use Controls, Malware Protection, Data Security, SaaS Access Controls; Danger.
  37. 37. URL Lookup in Database (URL Database): www.sportsbook.com/: Gambling. URL Keyword Analysis (Uncategorized): www.casinoonthe.net/: Gambling. Real-time Dynamic Content Analysis (Uncategorized): Dynamic Content Analysis Engine; Analyze Site Content: Gambling. • Industry-leading URL database efficacy • 65 categories • Updated every 5 minutes • Dynamic categorization identifies more than 90% of Dark Web content in commonly blocked categories
  38. 38. Industry Leading Secure Web Gateway. Control; Security. Acceptable Use Controls, Data Security, SaaS Access Controls, Malware Protection. Centralized Management and Reporting. Internet; Secure Mobility.
  39. 39. • 237% volume increase in ‘09 • Over 70% of compromised web sites are legitimate • Vulnerabilities in Adobe PDF emerged as the main target, followed by Flash • 54% of malware encounters due to iframes and exploits • Cross-Site Scripting and SQL Injection are top attack methods • 83% of websites have at least 1 serious vulnerability
  40. 40. BoingBoing.net: A Popular Blog • URLs in browser: 1 • HTTP Gets: 162 • Images: 66 from 18 domains including 5 separate 1x1 pixel invisible tracking images • Scripts: 87 from 7 domains • Cookies: 118 from 15 domains • 8 Flash objects from 4 domains
  41. 41. BoingBoing.net: A Popular Blog
  42. 42. Identifying Malware Lurking in the Dark Web. Predictive, Zero-day Protection. Cisco Security Intelligence Operations: Cisco SensorBase, Threat Operations Center, Advanced Algorithms. Diagram labels: Cisco Network and Content Security Deployments; Threat Telemetry; Outbreak Intelligence; External Feeds. Web Reputation Scores -10 to +10.
  43. 43. New York Times: Victim of an Advertiser Attack! • Seemingly legitimate ad turned malicious causing 3 redirects • Ultimate destination: protection-check07.com. Drive By Scareware: Full-screen pop-up simulates real AV software, asks user to buy full version to clean machine. Cisco Web Rep Score: -9.3. Default Action: BLOCK. NYT site allowed but malicious redirect blocked.
  44. 44. Signature and Heuristic Analysis • Wide coverage with multiple signature scanning engines • Identify encrypted malicious traffic by decrypting and scanning SSL traffic • Seamless user experience with parallel scanning • Latest coverage with automated updates. DVS Engine (Dynamic Vectoring and Streaming): Parallel Scans, Stream Scanning. Heuristics Detection: Identify unusual behaviors. Signature Inspection: Identify known behaviors.
  45. 45. Preventing “Phone-Home” Traffic. Layer 4 Traffic Monitor: Network Layer Analysis; Packet and Header Inspection; Powerful Anti-Malware Data. • Scans all traffic, all ports, all protocols • Detects malware bypassing Port 80 • Prevents Botnet traffic • Automatically updated rules • Real-time rule generation using “Dynamic Discovery”. Also available on the ASA as Botnet Traffic Filter. Diagram labels: Internet, Cisco IronPort S-Series, Users.
  46. 46. Industry Leading Secure Web Gateway. Control; Security. Acceptable Use Controls, SaaS Access Controls, Malware Defense, Data Security. Centralized Management and Reporting. Internet; Secure Mobility.
  47. 47. On-Box Common Sense Security: • Allow, block, log based on file metadata, URL category, user and web reputation • Multi-protocol: HTTP(s), FTP, HTTP tunneled. Off-Box Advanced Data Security (DLP Vendor Box): • Deep content inspection: Structured and unstructured data matching • Performance optimized: Works in tandem with accelerated on-box policies. Diagram labels: Documents; Internet, Partner site, Webmail; Log, Allow, Block.
  48. 48. Industry Leading Secure Web Gateway. Control; Security. Data Security, Malware Defense, Acceptable Use Controls, SaaS Access Controls. Centralized Management and Reporting. Internet; Secure Mobility.
  49. 49. Policy diagram labels: Identity, Time, Object, Application, Location, Priority; Job Sites, Instant Message, P2P, Streaming Media, Facebook; Human Resource, No File Transfer, All, 100 kbps/User, Lunch hour.
  50. 50. Granular Control over Application Usage • Granular control over HTTP, HTTP(s), FTP applications • Dynamic signature updates maintained by Cisco SIO. Employee in Finance. Access Control Policy: Instant Messaging; Facebook: Limited Apps; Video: 512 kbps max. Access Control Violation: File Transfer over IM; Facebook Chat, Email; P2P.
  51. 51. • Block Malware like ‘Farm Town’ app ad that redirects users to fake antivirus software • Allow/Block thousands of Facebook Apps • Allow/Block features like Chat, Messaging, Video & audio bandwidth
  52. 52. Industry Leading Secure Web Gateway. Control; Security. Acceptable Use Controls, Data Security, Malware Defense, SaaS Access Controls. Centralized Management and Reporting. Internet; Secure Mobility.
  53. 53. Regaining Visibility and Control Through Identity. Visibility | Centralized Enforcement | Single Source Revocation. Diagram labels: Branch Office, Corporate Office, Home Office; AnyConnect Secure Mobility Client; Redirect @ Login; User Directory; SaaS Single Sign On; No Direct Access (X).
  54. 54. Industry Leading Secure Web Gateway. Control; Security. Acceptable Use Controls, Malware Defense, Data Security, SaaS Access Controls. Centralized Management and Reporting. Internet; Secure Mobility.
  55. 55. Security Management Appliance: Insight Across Threats, Data and Applications. Control: Consistent Policy Across Offices and for Remote Users. Visibility: Visibility Across Different Devices, Services, and Network Layers. Centralized Management: Centralized Policy Management; Delegated Administration. On-Box Centralized Reporting and Tracking: In-Depth Threat Visibility; Extensive Forensic Capabilities.
  56. 56. Multi-Core Optimization: • Addresses latency issues associated with anti-virus scanning • Enables multi-scan features for improved security efficacy • Optimized for rich web content. Integrated Identity and Authentication (NTLM/Active Directory, LDAP, Secure LDAP): • Identity Based Policies • Transparent, single sign-on (SSO) authentication against Active Directory • Guest Policies, Re-Auth.
  57. 57. • Pioneer in SaaS Web Security • Over 34% market share in SaaS Web Security (IDC) • Multi-award winning product portfolio • Millions of users • Billions of Web requests scanned every day • 100% Availability. Customers; Awards; Partners.
  58. 58. Cisco AnyConnect Secure Mobility, With AnyConnect 3.0. Internet Traffic; VPN – Internal Traffic (optional).
  59. 59. Diagram labels: Branch/Retail or Home Office; ISR G2 with ScanSafe Connector SW; RADIUS/LDAP; Internet; Corporate Office. Blocked URLs, Blocked Files, Blocked Content; Approved Content.
  60. 60. Thank you.
