Advanced Web Security Deployment - Cisco · Mobile Malware (mis)Information Android Mobile Device...
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Connect 1 1 © 2012 Cisco and/or its affiliates. All rights reserved.
Toronto, Canada
May 30, 2013
Advanced Web Security Deployment: On-Premise, Cloud, Next Gen Firewall?
Steve Gindi
Product Security Specialist
Cisco Systems
Agenda
• Cisco State of the Nation
  Industry Trends
  Gartner Overview
• Cisco Securing the Nation
• Cisco Deployment Options
• Live Demo
Cisco State of the Nation
Where You Visit Online…
Hits to Top Web Properties
• Search engines: 36%
• Online video: 22%
• Advertisements: 13%
• Social networks: 20%
…Is Where The Threats Are
Search Engines vs. Counterfeit Software
27x more likely to deliver malicious content
Online Advertisements vs. Pornography
182x more likely to deliver malicious content
Online Shopping vs. Counterfeit Software
21x more likely to deliver malicious content
A More Targeted Attack
[Chart, January to December, 0% to 90%. Legend: Prescription Drugs, Luxury Watches, Credit Card, Business Reviews, Professional Network, Electronic Money Transfer, Accounting Software, Social Network, Professional Associations, Airline, Weight Loss, Government Organization, Windows Software, Cellular Company, Online Classifieds, Taxes]
A More Targeted Attack
15 APRIL
• January-March: Windows Software spam, which coincided with the release of the Microsoft Windows 8 consumer preview
• February-April: Tax software spam during U.S. tax season.
• January-March and September-December: Spam based on professional networks like LinkedIn, correlated with desire for a change in career during the beginning and end of the year.
Data Loss
Business Pipeline
Social Networking
Webmail
Apps
Hotmail
Malware Infections
Acceptable Use Violations
Location
Device
Application
More People, Working from More Places, Using More Devices, Accessing More Diverse Applications, and Passing Sensitive Data
Mobile Malware (mis)Information Android Mobile Device Trending
• Android malware grows 2577% over 2012
• Mobile makes up less than .5% of total web malware encounters
Gartner Magic Quadrant Secure Web Gateway, 2012
The Magic Quadrant is copyrighted 2009 by Gartner, Inc. and
is reused with permission. The Magic Quadrant is a graphical
representation of a marketplace at and for a specific time
period. It depicts Gartner’s analysis of how certain vendors
measure against criteria for that marketplace, as defined by
Gartner. Gartner does not endorse any vendor product or
service depicted in the Magic Quadrant, and does not advise
technology users to select only those vendors placed in the
"Leaders" quadrant. The Magic Quadrant is intended solely
as a research tool, and is not meant to be a specific guide to
action. Gartner disclaims all warranties, express or implied,
with respect to this research, including any warranties of
merchantability or fitness for a particular purpose.
This Magic Quadrant graphic was published by Gartner, Inc.
as part of a larger research note and should be evaluated in
the context of the entire report. The Gartner report is available
upon request from Cisco.
Cisco Securing the Nation
Web Security Portfolio
CENTRALIZED MANAGEMENT AND REPORTING Single console for WSA or CWS solutions
ANYCONNECT SECURE MOBILITY CLIENT
Coffee Shop Mobile User Home Office
WEB SECURITY ESSENTIALS Application Visibility and Control
URL Filtering, Reputation
ADVANCED WEB SECURITY Anti-Malware Scanning
and Prevention, DLP
Cloud Appliance Virtual Firewall Router
Current Datacenters
Brazil
Canada (E), (W)
Bangalore
Chicago
Copenhagen
Dallas
Frankfurt
Hong Kong
London
Miami
New York Metro
Paris
San Jose
Singapore
Sydney
Tokyo
Zurich
In Progress Datacenters
Dubai
Mexico
South Africa
Visibility Control
Cisco SIO
1.6M GLOBAL SENSORS
75TB DATA RECEIVED PER DAY
150M+ DEPLOYED ENDPOINTS
35% WORLDWIDE EMAIL TRAFFIC
13B WEB REQUESTS
WWW
Email Web Devices
IPS Endpoints Networks
24x7x365 OPERATIONS
40+ LANGUAGES
600+ ENGINEERS, TECHNICIANS AND RESEARCHERS
80+ PH.D.S, CCIE, CISSP, MSCE
$100M+ SPENT IN DYNAMIC RESEARCH AND DEVELOPMENT
3 to 5 MINUTE UPDATES
5,500+ IPS SIGNATURES PRODUCED
8M+ RULES PER DAY
200+ PARAMETERS TRACKED
70+ PUBLICATIONS PRODUCED
Unmatched Cloud-Based Global Threat Intelligence
Information
Actions
WWW
ESA ASA WSA
AnyConnect CWS IPS
Every Click, Every Object
Reputation and
Heuristical Analysis
Signature based
Anti-Virus
Protection Adaptive Scanning
Layer 4
Traffic Monitor
Malicious Traffic from Infected Clients
Across All Ports &
All Protocols
Malicious Server
In-line / Real-time
Application Visibility and Control
• Deep application control, e.g., IM, Facebook, WebEx
• Dynamic updates
• Site content ratings
URL Filtering
• URL database covering over 50M sites worldwide
• Real-time dynamic categorization for unknown URLs
Enforce Acceptable Use Policies
• Reduce productivity loss
• Reduce risk of legal liabilities
• Control Web 2.0 traffic and web applications
WSA
ASA
On-Premise
AnyConnect Client
Redirect to
Premise or Cloud
Cloud
Mobile User
DLP Vendor Box
WSA
Hotmail
On-box Data
Security Policies
Off-box Integration
for Enterprise DLP
Centralized Reporting Centralized Management
Centralized Policy Management
Delegated Administration
In-Depth Threat Visibility Extensive Forensic Capabilities
Insight Across Threats,
Data and Applications
Control Consistent Policy Across Offices
and for Remote Users
Visibility Visibility Across Different Devices,
Services, and Network Layers
Cisco Deployment Options
Cisco Web Security Essentials
Platforms compared: WSA, CWS, ASA-X
URL Filtering: Granular categories and dynamic classification updated by SIO
Policy Management: Flexible control of use, applications, social media, etc.
AVC: 1000 applications, 75,000+ microapplications
SIO Updates: 75TB of threat telemetry daily
Reporting:
  WSA: Valuable insight on-box, or via Splunk for large implementations
  CWS: Valuable insight hosted in the cloud
  ASA-X: Valuable insight on box
Web Reputation:
  WSA: Only vendor to examine IP, domain, URL and sender reputations
  CWS: Only vendor to examine IP, domain, URL and sender reputations
  ASA-X: Only vendor to examine IP, domain, URL and sender reputations
Cisco Advanced Web Security
Platforms compared: WSA, CWS, ASA-X
Web Security Essentials, plus:
Real-time Malware Scanning:
  WSA: Sophos & Webroot, McAfee optional
  CWS: Multiple malware engines
  ASA-X: Cisco SIO
DLP:
  WSA: Integrates with existing DLP vendors (RSA, Symantec, etc.)
  CWS: Via content filtering rules
  ASA-X: N/A
SIEM Integration:
  WSA: Native integration with ArcSight, LogLogic, netForensics, RSA, Splunk
  CWS: Via WSA Connector
  ASA-X: N/A
Web Proxy:
  WSA: Caching, logging, audio/video throttling, AD integration/authentication
  CWS: N/A
  ASA-X: N/A
L4 Traffic Monitoring:
  WSA: Prevents Trojans, blocks “phone home” infections
  CWS: N/A
  ASA-X: N/A
Flexible Deployment Options

CISCO WEB SECURITY APPLIANCE
• High-performance unified appliance
• Single box design for simplified control
• Essentials license: AVC, URL filtering, reputation
• Advanced license: Anti-malware, DLP Integration
• Unified reporting and management tool

CISCO CLOUD WEB SECURITY
• Cloud-based unified web security
• Connector software for HW deployments
• Essentials license: AVC, URL filtering, reputation
• Advanced license: Anti-malware, DLP via policies
• Cloud-based reporting and management

CISCO ASA-X AND CWS CONNECTOR
• Next-Generation firewall
• Integrated web security essentials: AVC, URL filtering, reputation
• Advanced web security through CWS connector: Anti-malware, DLP via policies
• Unified reporting and management through CX

CISCO ISR-G2 WITH CWS CONNECTOR
• CWS connector for branch deployments
• Essentials license: AVC, URL filtering, reputation
• Advanced license: Anti-malware, DLP via policies
• Cloud-based reporting and management

VIRTUAL WEB SECURITY APPLIANCE*
• Virtual WSA for simplified multi-location deployment
• Unified web security
• Essentials license: AVC, URL filtering, reputation
• Advanced license: Anti-malware, DLP Integration
• Unified reporting and management tool
*Coming Q4 FY13

Cloud Appliance Virtual Firewall Router
“Which Approach is right for my business???????”
Which Deployment Method Do I Choose?
DRIVERS WSA CWS ASA-X
Location: Large, centralized HQ Many branches, remote users Smaller HQ
Security:
Real time malware protection X X SIO
Regulatory:
SIEM/DLP/SOCKS/FTP X X (w/WSA Connector)
Network:
Bandwidth Control X X
Operations:
Existing ASA/ISR X X
Cloud, Virtual Initiatives X X
Cost Considerations X
* Hybrid deployment via WSA Connector
Users
Cisco Web Security – On Premise
Users
Internet
Firewall
UCS +
• Deployment Options
• Explicit Deployments – Browser is aware there is a proxy server
• Transparent Deployments – Layer 3/4 redirection via WCCP or Traffic Management Device
Same functionality as WSA Appliance, plus
Self-Service Provisioning
Instant Provisioning
Included with Software Bundle
Unlimited License
Mix & Match deployment
Cisco Web Security Virtual Appliance
Cisco Cloud Web Security Simplified and scalable deployments
Direct to Cloud
ASA ISR-G2 WSA
AnyConnect
Cloud Web Security
Reuses appliances
URL Filtering
Application Visibility & Control
Multiple Malware Engines
SIEM/DLP/SOCKS/FTP
SIO Updates
Policy Management
Reporting
Multiple Connector Options
Eliminates desktop agent
Reduces vendors
Eliminates backhaul
Cisco ASA CX • Next-Generation Protection. Proven Cisco technology.
Context Aware Policy Engine
Pluggable Context Stores
Context Aware Data Plane
Virtual Packet Rings
nScan Array
TLS & SSL
HTTP
MS-RPC
FTP
Scanner ‘N’
• Context Aware
• Most comprehensive controls – applications, users, and devices
• Most widely deployed remote access
• Essential web security
• Threat Aware
• Reputation-based protection from zero-day threats
• Analyzes global data from multiple threat vectors
• Reputation analysis via human and machine intelligence
Robust stateful inspection and broadest context-aware controls
“DEMO”
Thank you.