Advanced Web Security Deployment - Cisco · Mobile Malware (mis)Information Android Mobile Device...

Advanced Web Security Deployment

On-Premise, Cloud, Next Gen Firewall?

Steve Gindi, Product Security Specialist, Cisco Systems

Cisco Connect, Toronto, Canada, May 30, 2013

© 2011, 2012 Cisco and/or its affiliates. All rights reserved.


Agenda

• Cisco State of the Nation

Industry Trends

Gartner Overview

• Cisco Securing the Nation

• Cisco Deployment Options

• Live Demo


Cisco State of the Nation


Where You Visit Online…

Hits to Top Web Properties

• 36% Search engines

• 22% Online video

• 13% Advertisements

• 20% Social networks


…Is Where The Threats Are

Search Engines vs. Counterfeit Software

27x more likely to deliver malicious content

Online Advertisements vs. Pornography

182x more likely to deliver malicious content

Online Shopping vs. Counterfeit Software

21x more likely to deliver malicious content


A More Targeted Attack

[Chart: percentage (0% to 90%) by month, January to December, for these categories: Prescription Drugs, Luxury Watches, Credit Card, Business Reviews, Professional Network, Electronic Money Transfer, Accounting Software, Social Network, Professional Associations, Airline, Mail, Weight Loss, Government Organization, Windows Software, Cellular Company, Online Classifieds, Taxes]


A More Targeted Attack

15 APRIL

January-March: Windows Software spam, which coincided with the release of the Microsoft Windows 8 consumer preview

February-April: Tax software spam during U.S. tax season.

January-March and September-December: Spam based on Professional networks like LinkedIn, correlated with desire for a change in career during the beginning and end of the year.


Data Loss

Business Pipeline

Social Networking

Webmail

Apps

Hotmail

Malware Infections

Acceptable Use Violations


Location

Device

Application

More People, Working from More Places, Using More Devices, Accessing More Diverse Applications, and Passing Sensitive Data


Mobile Malware (mis)Information Android Mobile Device Trending

Android malware grows 2577% over 2012

Mobile makes up less than .5% of total web malware encounters


Gartner Magic Quadrant Secure Web Gateway, 2012

The Magic Quadrant is copyrighted 2009 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner’s analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the “Leaders” quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Cisco.


Cisco Securing the Nation


Web Security Portfolio

CENTRALIZED MANAGEMENT AND REPORTING: Single console for WSA or CWS solutions

ANYCONNECT SECURE MOBILITY CLIENT

Coffee Shop, Mobile User, Home Office

WEB SECURITY ESSENTIALS: Application Visibility and Control, URL Filtering, Reputation

ADVANCED WEB SECURITY: Anti-Malware Scanning and Prevention, DLP

Cloud, Appliance, Virtual, Firewall, Router


Current Datacenters

Brazil

Canada (E), (W)

Bangalore

Chicago

Copenhagen

Dallas

Frankfurt

Hong Kong

London

Miami

New York Metro

Paris

San Jose

Singapore

Sydney

Tokyo

Zurich

In Progress Datacenters

Dubai

Mexico

South Africa


Visibility Control

Cisco SIO

1.6M GLOBAL SENSORS

75TB DATA RECEIVED PER DAY

150M+ DEPLOYED ENDPOINTS

35% WORLDWIDE EMAIL TRAFFIC

13B WEB REQUESTS

WWW

Email Web Devices

IPS Endpoints Networks

24x7x365 OPERATIONS

40+ LANGUAGES

600+ ENGINEERS, TECHNICIANS AND RESEARCHERS

80+ PH.D.S, CCIE, CISSP, MSCE

$100M+ SPENT IN DYNAMIC RESEARCH AND DEVELOPMENT

3 to 5 MINUTE UPDATES

5,500+ IPS SIGNATURES PRODUCED

8M+ RULES PER DAY

200+ PARAMETERS TRACKED

70+ PUBLICATIONS PRODUCED

Unmatched Cloud-Based Global Threat Intelligence

Information

Actions

WWW

ESA ASA WSA

AnyConnect CWS IPS


Every Click, Every Object

Reputation and Heuristical Analysis

Signature based Anti-Virus Protection

Adaptive Scanning

Layer 4 Traffic Monitor

Malicious Traffic from Infected Clients

Across All Ports & All Protocols

Malicious Server

In-line / Real-time


Application Visibility and Control

• Deep application control, e.g., IM, Facebook, WebEx

• Dynamic updates

• Site content ratings

URL Filtering

• URL database covering over 50M sites worldwide

• Real-time dynamic categorization for unknown URLs

Enforce Acceptable Use Policies

• Reduce productivity loss

• Reduce risk of legal liabilities

• Control Web 2.0 traffic and web applications


WSA

ASA

On-Premise

AnyConnect Client

Redirect to Premise or Cloud

Cloud

Mobile User


DLP Vendor Box

WSA

Hotmail

On-box Data Security Policies

Off-box Integration for Enterprise DLP


Centralized Management: Centralized Policy Management, Delegated Administration

Centralized Reporting: In-Depth Threat Visibility, Extensive Forensic Capabilities

Insight: Across Threats, Data and Applications

Control: Consistent Policy Across Offices and for Remote Users

Visibility: Visibility Across Different Devices, Services, and Network Layers



Cisco Deployment Options



Cisco Web Security Essentials

WSA, CWS, ASA-X

URL Filtering: Granular categories and dynamic classification updated by SIO

Policy Management: Flexible control of use, applications, social media, etc.

AVC: 1000 applications, 75,000+ microapplications

SIO Updates: 75TB of threat telemetry daily

Reporting:

• WSA: Valuable insight on-box, or via Splunk for large implementations

• CWS: Valuable insight hosted in the cloud

• ASA-X: Valuable insight on box

Web Reputation:

• WSA: Only vendor to examine IP, domain, URL and sender reputations

• CWS: Only vendor to examine IP, domain, URL and sender reputations

• ASA-X: Only vendor to examine IP, domain, URL and sender reputations


Cisco Advanced Web Security

WSA, CWS, ASA-X

Web Security Essentials, plus

Real-time Malware Scanning:

• WSA: Sophos & Webroot, McAfee optional

• CWS: Multiple malware engines

• ASA-X: Cisco SIO

DLP:

• WSA: Integrates with existing DLP vendors (RSA, Symantec, etc.)

• CWS: Via content filtering rules

• ASA-X: N/A

SIEM Integration:

• WSA: Native integration with ArcSight, LogLogic, netForensics, RSA, Splunk

• CWS: Via WSA Connector

• ASA-X: N/A

Web Proxy:

• WSA: Caching, logging, audio/video throttling, AD integration/authentication

• CWS: N/A

• ASA-X: N/A

L4 Traffic Monitoring:

• WSA: Prevents Trojans, blocks “phone home” infections

• CWS: N/A

• ASA-X: N/A


Flexible Deployment Options

CISCO WEB SECURITY APPLIANCE

• High-performance unified appliance

• Single box design for simplified control

• Essentials license: AVC, URL filtering, reputation

• Advanced license: Anti-malware, DLP Integration

• Unified reporting and management tool

CISCO CLOUD WEB SECURITY

• Cloud-based unified web security

• Connector software for HW deployments

• Essentials license: AVC, URL filtering, reputation

• Advanced license: Anti-malware, DLP via policies

• Cloud-based reporting and management

CISCO ASA-X AND CWS CONNECTOR

• Next-Generation firewall

• Integrated web security essentials: AVC, URL filtering, reputation

• Advanced web security through CWS connector: Anti-malware, DLP via policies

• Unified reporting and management through CX

CISCO ISR-G2 WITH CWS CONNECTOR

• CWS connector for branch deployments

• Essentials license: AVC, URL filtering, reputation

• Advanced license: Anti-malware, DLP via policies

• Cloud-based reporting and management

VIRTUAL WEB SECURITY APPLIANCE*

• Virtual WSA for simplified multi-location deployment

• Unified web security

• Essentials license: AVC, URL filtering, reputation

• Advanced license: Anti-malware, DLP Integration

• Unified reporting and management tool

*Coming Q4 FY13

Cloud Appliance Virtual Firewall Router


“Which Approach is right for my business???????”


Which Deployment Method Do I Choose?

DRIVERS WSA CWS ASA-X

Location: Large, centralized HQ (WSA); Many branches, remote users (CWS); Smaller HQ (ASA-X)

Security:

Real time malware protection X X SIO

Regulatory:

SIEM/DLP/SOCKS/FTP X X (w/WSA Connector)

Network:

Bandwidth Control X X

Operations:

Existing ASA/ISR X X

Cloud, Virtual Initiatives X X

Cost Considerations X

* Hybrid deployment via WSA Connector


Cisco Web Security – On Premise

Users

Internet

Firewall

• Deployment Options

• Explicit Deployments – Browser is aware there is a proxy server

• Transparent Deployments – Layer 3/4 redirection via WCCP or Traffic Management Device

UCS +

Cisco Web Security Virtual Appliance

Same functionality as WSA Appliance, plus

Self-Service Provisioning

Instant Provisioning

Included with Software Bundle

Unlimited License

Mix & Match deployment


Cisco Cloud Web Security Simplified and scalable deployments

Direct to Cloud

ASA ISR-G2 WSA

AnyConnect

Cloud Web Security

Reuses appliances

URL Filtering

Application Visibility & Control

Multiple Malware Engines

SIEM/DLP/SOCKS/FTP

SIO Updates

Policy Management

Reporting

Multiple Connector Options

Eliminates desktop agent

Reduces vendors

Eliminates backhaul


Cisco ASA CX

• Next-Generation Protection. Proven Cisco technology.

Context Aware Policy Engine

Pluggable Context Stores

Context Aware Data Plane

Virtual Packet Rings

nScan Array

TLS & SSL, HTTP, MS-RPC, FTP, Scanner ‘N’

• Context Aware

• Most comprehensive controls – applications, users, and devices

• Most widely deployed remote access

• Essential web security

• Threat Aware

• Reputation-based protection from zero-day threats

• Analyzes global data from multiple threat vectors

• Reputation analysis via human and machine intelligence

Robust stateful inspection and broadest context-aware controls


“DEMO”


Complete Your Paper “Session Evaluation”

Give us your feedback and you could win 1 of 2 fabulous prizes in a random draw.

Complete and return your paper evaluation form to the room attendant as you leave this session.

Winners will be announced today.

You must be present to win!

..visit them at BOOTH# 100


Thank you.