Post on 15-Dec-2015
© 2010 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
ScanSafe overview
Solution highlights
Deployment options
Demo
Q&A
Agenda
Customers
• Industry’s most mature platform
• 20 Billion web requests per month
• 1,000’s of customers across 80 countries
• 200 Million Blocks per Month
• Global network operations in 4 continents
• SLA backed 99.999% service uptime
#1 SaaS Web Security Solution: “The first successful in-the-cloud secure Web gateway service”
Web Security – A Big Market Where Cisco is #1
Web Security Market
• Large: Overall market $2.5B by 2013
• Broad across size, industry, geography
• Growing: Market growth at 12.3% CAGR, but 46.5% CAGR for SaaS segment
Web Security – Market Shift to SaaS
SaaS is growing much faster than legacy software/hardware as it delivers lower TCO and effective security. Ideal for customers with distributed networks and mobile workers
Cisco ScanSafe is the dominant provider in SaaS, with 35% market share or 5x nearest competitor according to latest IDC research
Positioning
Required Information:
Overview of Prospect i.e. Seats/Locations/Gateways
Customer Project or Problem
Business Drivers – Compelling Mechanism
Timescales
Budget
Why ScanSafe:-
1. We do it cheaper, by saving time on cleaning infected PCs and by managing the software on a day-to-day basis
2. We are more secure, 200 million malware blocks a month – spyware/malware/viruses
3. We are a complete solution – Internal users & External users are controlled via the same service
FREE EVAL FOR 30 DAYS – NO OBLIGATION TO PURCHASE
Very significant market/vendor consolidation in past 2 years
Key Competitors:
• Websense – incumbent in large % of deals. Focus on renewal unless pushed. Increase in development in SaaS platform. Continued move to try and position as a security vendor
• Blue Coat – incumbent in large % of deals. Not that security focused. Rarely lose new business deals
• MessageLabs – focus on email security with web security offered for completeness. Low cost, low functionality
• Zscaler – small and relatively new, v. aggressive, may be acquired. Partnership with Microsoft. Less success in larger Enterprise customers.
Today:
1. Websense
2. Blue Coat
3. MessageLabs
4. Zscaler
12 months:
1. Websense
2. MessageLabs
3. Blue Coat
4. Microsoft (?)
Competitive Outlook
ScanSafe Competitive Differentiation
Clear market leadership position (~34% market share)
• More customers than any other cloud Web security solution
• ScanSafe sees more real-world Web traffic than any other solution
Leading content visibility & zero-day threat protection
• Large database of Web content used to “train” security engine
• Uses combination of static & dynamic analysis
• Proven to block >25% more malware than signature solutions
Proven reliability
• Web is now business critical communication
• 100% uptime for 7 years
Superior reporting
• Complete flexibility into reporting criteria
• Allows end users to define exactly what data is important
Data Flow with ScanSafe
Web requests
Allowed traffic
Filtered traffic
Scalability & Reliability
Reliability
• 15 Data Centers spanning four continents
• Top tier certification
• Thousands of devices deployed
• 100% availability, automated monitoring, full redundancy
Data Center locations: San Francisco, Dallas, Miami, New York, Chicago, London (2), Paris, Copenhagen, Frankfurt, Tokyo, Hong Kong, Sydney (2), Singapore
Additional Data Centers planned
Scalability
• Billions of Web requests/day
• Highly parallel processing
• Multi-tenant architecture: average <50 ms latency
• 10Gb connectivity
• Redundant network providers
Zero-day Protection with Outbreak Intelligence
[Chart: percentage of malware blocks (0% to 100%) by date, 01-Jan-09 to 17-Dec-09]
Outbreak Intelligence - The Results
Zeus Botnet / Luckysploit
Multiple injection attacks
Gumblar
• Multiple rules and schedules for User/Group granularity
• Bi-directional content based policy enforcement
• Dynamic content classification
• Control over HTTP & HTTPS communications
ScanCenter - Management
• Over 24,000 report combinations covering more than 80 attributes in 11 reporting categories
• Cumulative, trending and search driven forensic reports, comprehensive drill down analysis
• Based on data warehouse infrastructure for performance
• Scheduled reports can be sent securely to defined users
• Granular reporting enables actionable remedies to issues and unrivalled visibility into resource usage
Web Intelligence Reporting
ScanSafe Deployment Options
2010
• No User Granularity Required
• User / Group Granularity Required
• Connector-less Solutions
• Roaming & Remote Users
Agenda
ScanSafe Deployment Options
No User Granularity Required
Firewall directs port 80 traffic to web security service via Transparent Proxy / Port Forward (no browser changes required)
Available with certain perimeter devices that have the ability to forward traffic based on port or protocol (BlueCoat, ISA, CheckPoint, Watchguard, SonicWall, Netgate etc…)
Provides Site/External IP granularity
NOTE: Many Cisco devices are not capable of port forwarding
Port Forward
ScanSafe Websecurity Service
Port Forwarding / Transparent Proxy
Proxy Settings are pushed to browsers via Active Directory GPO
Browsers connect through Firewall on port 8080 to Web Security Service
Firewall blocks all other GET requests
Provides Site/External IP granularity
ScanSafe Websecurity Service
DC
Browser Redirection via GPO / PAC file
1. Through GPO, Desktop Users are configured to reference a PAC file with each browser session
2. A global PAC file can point to different ScanSafe towers depending on internal IP
3. Web requests are sent directly to the ScanSafe towers
PAC File Deployment
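A PAC file of the kind steps 1-3 describe, as an added example that is not from the original deck: it picks a tower by the client's internal IP and sends browsers to it on port 8080, with no DIRECT fallback for external sites. The tower hostnames, subnets and internal domain suffix are placeholders (assumptions), and `pickProxy`, `inSubnet` and `ipToInt` are illustrative helpers.

```javascript
// Added example PAC file; hostnames, subnets and suffix below are placeholders.
var TOWERS = [
  // [internal subnet, netmask, proxy string returned to the browser]
  ["10.10.0.0", "255.255.0.0", "PROXY tower-eu.example.invalid:8080"],
  ["10.20.0.0", "255.255.0.0", "PROXY tower-us.example.invalid:8080"]
];
var DEFAULT_TOWER = "PROXY tower-default.example.invalid:8080";
var INTERNAL_SUFFIX = ".corp.example.invalid"; // hypothetical internal DNS zone

// Dotted-quad IPv4 -> unsigned 32-bit integer, or null if malformed.
function ipToInt(ip) {
  var parts = String(ip).split(".");
  if (parts.length !== 4) return null;
  var n = 0;
  for (var i = 0; i < 4; i++) {
    if (!/^\d{1,3}$/.test(parts[i]) || Number(parts[i]) > 255) return null;
    n = n * 256 + Number(parts[i]);
  }
  return n;
}

// True when ip falls inside net/mask; malformed input never matches.
function inSubnet(ip, net, mask) {
  var i = ipToInt(ip), n = ipToInt(net), m = ipToInt(mask);
  if (i === null || n === null || m === null) return false;
  return ((i & m) >>> 0) === ((n & m) >>> 0);
}

function pickProxy(host, clientIp) {
  // Dotless names and the internal zone stay on the LAN.
  if (host.indexOf(".") === -1 ||
      host.slice(-INTERNAL_SUFFIX.length) === INTERNAL_SUFFIX) {
    return "DIRECT";
  }
  for (var k = 0; k < TOWERS.length; k++) {
    if (inSubnet(clientIp, TOWERS[k][0], TOWERS[k][1])) return TOWERS[k][2];
  }
  // Unknown subnet: still go through a tower. Returning DIRECT here would
  // let external requests skip scanning (or be dropped by the firewall).
  return DEFAULT_TOWER;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  var ip = (typeof myIpAddress === "function") ? myIpAddress() : "";
  return pickProxy(host.toLowerCase(), ip);
}
```
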
Deployment - AD Group Policy
Can be targeted to the AD site, domain or individual OUs.
Supports various OS platforms: Windows 2000, Windows 2k3 Server, Windows XP, Windows Vista, Windows 7
ScanSafe Deployment Options
User / Group Granularity Required
Proxy Settings are pushed to browsers via AD, GPO or PAC file
Forwards web traffic to ScanSafe on port 8080/443 to the Cloud based Tower
Connector receives Client info and queries Active Directory Server for Group Information, then proxies to ScanSafe upstream
Set Firewall to block all other GET requests
Provides IP/End User/Group granularity
ScanSafe Websecurity Service
DC Connector
Standalone Connector
Web Security Service is configured as upstream proxy on currently installed proxy device
Current proxy device communicates with Connector ICAP (on box) to provide IP/User/Group information (5,500 Users max recommended)
Browser traffic is directed to existing Proxy via GPO or PAC files
Set firewall to block all other GET requests
Provides IP/End User/Group granularity
ScanSafe Websecurity Service
DC
ISA Server
Enterprise Connector - Inline ISA
Web Security Service is configured as upstream proxy on currently installed proxy device
Current proxy device communicates with Connector via ICAP to provide IP/User/Group information
Requires no further Client configuration
Set firewall to block all other GET requests
Provides IP/End User/Group granularity
ScanSafe Websecurity Service
DC
3rd Party Proxy
Connector
Enterprise Connector - ICAP
ScanSafe Deployment Options
Connector-less Solutions
Provides AD user and group granularity.
BCAAA must be installed and configured within the Active Directory environment.
To also send internal IP address to the ScanSafe Scanning towers, Blue Coat must be configured to include x-forwarded-for headers.
BC can run in transparent or explicit proxy mode
Set firewall to block all other GET requests
Provides End User/Group (possible IP granularity)
ScanSafe Websecurity Service
BlueCoat Proxy
BCAAA
AD Server
BlueCoat Integration - Connector-less
Proxy Settings are pushed to browsers via Active Directory GPO or PAC file OR PIM can be run in transparent mode with ISA / Bluecoat
Login Script (or GPO etc) runs the PIM.EXE with required switches
Requires no client installation
Firewall blocks all other GET requests
Provides End User/Group granularity
ScanSafe Websecurity Service
DC
PIM.EXE Runs at Login
PIM - Passive Identity Management
There are many customers that do not want to deploy proxy servers yet still want granular policy control. This can be because of the sheer number of sites they have to manage or for other technical reasons.
Deploying a small number of proxy servers to which many different locations tunnel negates a lot of the advantages of modern MPLS networks and increases latency and bandwidth costs.
Why PIM?
PIM adds -XS headers to the browser’s user agent string
Included in this string is a unique hash that identifies the user in our Scanning tower
This detail is encrypted
Upon logon, PIM sends an out-of-band request to the scanning tower and uploads the group information for that user
These groups are automatically created in ScanCenter
Following registration, each time a request to the Web is made, only the hash is sent to us along with the request, and we can identify the user and apply the correct policy according to the relevant group(s)
How Does PIM Work?
PIM Data Flow
The Internet
Cisco/ScanSafe Data Centre(s)
Client running PIM (IE/FireFox)
Corporate Firewall
Internet request (Browsing)
Directory Sync request (Registration)
ScanSafe Deployment Options
Roaming / Remote Users
Installs a Network Driver which binds to all connections (LAN, Wireless, 3G)
Automatic Peering identifies the nearest ScanSafe Datacenter and whether a connection is possible
AD information can be remembered from when the user was last on the corporate network using the Gpresult API (group policy)
3rd Party Firewall
Websecurity Service
Hotspot 3rd Party Proxy
Anywhere+
Roaming Users (Anywhere+)
How Does it Work?
Authenticates and directs your external client Web traffic to our scanning infrastructure
Numerous datacenters are located all over the world ensuring that users are never too far from our in-the-cloud scanning services
SSL encryption of all Web traffic sent improves security over public networks
Feature | Known Environment (Remote) | Anywhere+ (True Roaming)
Access ScanSafe services from outside of corporate LAN
Suitable for home workers
Works with a VPN
Works through another proxy
Transparent to end user
Works at a network which requires payment (e.g. Hotspot)
Encrypts all web traffic to prevent eavesdropping
Tamper resistant
Location Aware (reduces latency)
Anywhere+ True Roaming Support
ScanSafe Deployment Options
Q&A