Cisco's Appliance-based Content Security: IronPort E-mail and Web Security

Transcription:

Cisco's Appliance-based Content Security: IronPort E-mail and Web Security. Hrvoje Dogan, Consulting Systems Engineer, Security, Emerging Markets East. 2010 Cisco and/or its affiliates. All rights reserved.

Cisco Security The Power for Advanced Protection Cisco IronPort E-mail Security Appliance Cisco IronPort Web Security Appliance Update Q&A

Overview Most Accurate Protection Against a Broad Range of Threats Global Threat Telemetry Cisco Threat Operations Center Global Threat Telemetry Dynamic Updates and Actionable Intelligence www Adaptive Security Appliances Intrusion Prevention Solution Email Security Appliances Web Security Appliances System Administrators

Key Components Powerful Ecosystem Enables Fast, Accurate Protection World's biggest, broadest and best traffic monitoring network Cisco SensorBase Cisco Threat Operations Center Global operation provides high responsiveness and accuracy Dynamic updates and actionable intelligence ensure fast, accurate protection Advanced Protection

Before IronPort After IronPort Internet Internet Firewall Firewall Encryption Platform Anti-Spam MTA DLP Scanner Anti-Virus Policy Enforcement DLP Policy Manager IronPort Email Security Appliance Mail Routing Groupware Groupware Users Users

Management Inbound Security, Outbound Control INBOUND SECURITY Spam Defense Virus Defense CISCO IRONPORT ASYNCOS EMAIL PLATFORM OUTBOUND CONTROL Data Loss Prevention Secure Messaging

SensorBase Reputation Filtering IronPort Anti-Spam Who? How? Verdict Where? What? Spam Blocked Before Entering Network > 99% Catch Rate < 1 in 1 million False Positives

Real Time Threat Prevention Known good is delivered Reputation Filtering IronPort Anti-Spam Suspicious is rate limited and spam filtered Incoming Mail Good, Bad, and Unknown Email Known bad is blocked

Cisco on Cisco: Our Corporate Email Experience

Message Category | % | Messages
Stopped by Reputation Filtering | 93.1% | 700,876,217
Stopped as Invalid recipients | 0.3% | 2,280,104
Spam Detected | 2.5% | 18,617,700
Virus Detected | 0.3% | 2,144,793
Stopped by Content Filter | 0.6% | 4,878,312
Total Threat Messages | 96.8% | 728,797,126
Clean Messages | 3.2% | 24,102,874
Total Attempted Messages | | 752,900,000

Defense in Depth Spam Protection Spam Botnets Spammer Networks SMS Spam Attachment-based Spam EMAIL REPUTATION Who? What? MESSAGE CONTENT Verdict WEB REPUTATION Where? How? MESSAGE CONSTRUCTION Malware/Phishes Image Spam Short-Texted Spam with URLs Spam created using Automation Tools

Virus Outbreak Filters Anti-Virus Engines Zero Hour Virus and Malware Detection Complementary Anti-Virus Engines

Zero Hour Malware Prevention SensorBase Virus Outbreak Filters In Action Dynamic Quarantine "Since VOF we have not had a single virus outbreak!" INTERNET Virus Filter Over 24,000 virus positive messages stopped in 9 months Virus Outbreak Filters Advantage Average lead time*: over 13 hours Outbreaks blocked*: 291 outbreaks Total incremental protection*: over 157 days VOF has stopped more than 12,000 separate viral messages in the last year

Simple Set Up Easy 3 click set-up using content filters Use pre-defined content categories or create / customize your own Can be applied to specific users under specific conditions

100+ Predefined Policies for Comprehensive Coverage

Single view of policies for the entire organization Categories: by Domain, Username, or LDAP Allow all media files Quarantine executables IT Mark and Deliver Spam Delete Executables SALES Archive all mail Virus Outbreak Filters disabled for .doc files LEGAL "IronPort Email Security Manager serves as a single, versatile dashboard to manage all the services on the appliance." PC Magazine

Multiple data points Comprehensive Insight Unified Business Reporting Consolidated Reports Single view across the organization Real Time insight into email traffic and security threats Email Volumes Spam Counters Policy Violations Virus Reports Outgoing Email Data Reputation Service System Health View Actionable drill down reports

Message Tracking What happened to the email I sent 2 hours ago? Track Individual Email Messages Who else received similar emails? Forensics to Ensure Compliance

Ubiquitous Path In and Out of Enterprise Networks Growing business web usage FTP SOAP IM RPC Video Growing tunneled apps usage HTTP is the New TCP

Addressing Business Challenges Secure Against Malware Prevent Data Breaches Cisco IronPort S-Series Control Web Traffic and Applications

Consolidation Drives Operational Efficiency Before Cisco IronPort After Cisco IronPort Internet Internet Firewall Firewall Web Proxy and Caching Anti-Spyware Anti-Virus Anti-Phishing Cisco IronPort WSA URL Filtering Policy Management Users Users

A Powerful, Secure Web Gateway Solution Most effective defense against web-based malware Visibility and control for acceptable use and data loss High performance to ensure best end-user experience Integrated solution offering optimum TCO Management and Reporting Acceptable Use Policy Malware Defense Data Security AsyncOS for Web

Visibility and Control for the Web and Web Applications Management and Reporting Acceptable Use Policy Malware Defense Data Security AsyncOS for Web Enterprise-class URL filtering Applications and object filtering Integrated identity and authentication

Cisco IronPort Web Usage Controls Leading Efficacy, Rich Controls, Comprehensive Visibility Control Per user, per group policies Multiple actions: block, warn, monitor Time-based policies Unlimited custom categories Custom end-user notifications Visibility Easy to understand reports Extensive logging Comprehensive alerting Efficacy 200+ countries 50+ languages 65 categories Less than 1 in 1 million false positives

Access Control Policy Instant Messaging Facebook: Limited Apps Video: 512 kbps max Employee in Finance Access Control Violation File Transfer over IM Facebook Chat, Email P2P Granular control over HTTP, HTTP(s), FTP applications Dynamic signature updates maintained by Cisco SIO Granular Control over Application Usage

Edit Facebook Controls

Chat Messages (Email) Events Notes Video Photos Places 3rd Party Applications

Business Community Education Entertainment Games Sports Other Utilities Control 75K+ Facebook Applications

User-Specific Acceptable Use and Data Security Policies Authentication against LDAP servers Transparent, single sign-on (SSO) authentication against Active Directory Multi-realm sequencing Multi-domain authentication Guest policies Re-Auth and Failed Auth policies NTLM/Active Directory Define Acceptable Use and Data Security Policies using Rich Identity Constructs

Native control for HTTP, HTTP(s), FTP applications Selective decryption of SSL traffic for security and policy Policy enforcement for applications tunneled over HTTP FTP, IM, video Collaboration Software as a Service Tunneled Applications ftp://ftp.funet.fi/pub/ HTTP

Multiple layers for Malware and Spyware Protection Management and Reporting Acceptable Use Policy Malware Defense Data Security AsyncOS for Web Malware landscape Multi-layered malware defense Network layer phone-home prevention Reputation filtering and signature scanning

Protection Against Today's Threats Layer 4 Traffic Monitor Web Reputation Filters Dynamic Vectoring and Streaming Engine Detects malicious botnet traffic across all ports Blocks 70 percent of known and unknown malware traffic at connection time Blocks malware based on deep content analysis

Preventing Phone-Home Traffic Cisco IronPort Layer 4 Traffic Monitor Scans all traffic, all ports, all protocols Detects malware bypassing Port 80 Prevents botnet traffic Packet and Header Inspection Users Network Layer Analysis Powerful anti-malware data Automatically updated rules Real-time rule generation using Dynamic Discovery Cisco IronPort S-Series Internet

Predictive, Real-Time Threat Prevention 200+ Parameters URL Blacklists URL Whitelists Cisco Security Intelligence Operations Dynamic IP Addresses Bot Networks URL Behavior Global Volume Data Domain Registrar Information Compromised Host List Real-Time Cloud Analysis SensorBase Network Security Modeling Web Reputation Scores (WBRS) -10 to +10 Network Owners Known Threat URLs

Cisco IronPort DVS Engine Dynamic Vectoring and Streaming Accelerated signature scanning Parallel scans Stream scanning Multiple integrated verdict engines McAfee, Webroot and Sophos Automated updates Decrypt and scan SSL traffic Selectively, based on category and reputation

Simplicity and Choice Management and Reporting Acceptable Use Policy Malware Defense Data Security AsyncOS for Web Data security imperative and reality Simple on-box data security Advanced off-box data security

On-box Common Sense Security Content metadata inspection, along with visibility and forensics Allow, block, log Based on file metadata, URL category, user and web reputation Multi-protocol HTTP(s), FTP, HTTP tunneled www.mypartner.com Users Allow, Block, Log Internet www.malwarrior.com

Simple Approach for Avoiding Web Data Breaches

Who? | John Smith, Finance | John Smith, Finance | Jane Doe, Sales
What? | FiscalPlan.xls | FiscalPlan.xls | CustomerList.doc
Where? | Webmail.com | Taxfirm.com | Personal-site.com, -9 Reputation score
How? | HTTPS (Encrypted) | HTTPS (Encrypted) | FTP
Verdict

AnyConnect Secure Mobility Anytime, Anywhere Secure Access Cisco AnyConnect 2.5 Always-on, location-aware, extremely lightweight, invisible to user Supported on all major devices and OS Cisco Security Enforcement Array (SEA) Powerful Enforcement Engines High Performance Application and Identity Aware Hybrid Hosted Delivery Policy Abstracted from enforcement layer Acceptable Use, Access Control, Data Security, Anti-Malware

Industry's Highest-Performance Integrated Solution Secure Control Prevent Multi-layered malware defense Web reputation filters Accelerated signature scanning (DVS engine) Prevent botnets and malware bypassing Port 80 (L4TM) Integrated authentication and SSO Enterprise-class URL filtering Applications and object filtering Web usage visibility and tracking On-box simple data security Off-box interoperability with third-party DLP Prevent malware-initiated data breaches (L4TM)

Thank you.